Remote smart filtering communication management system    

United States Patent 5541911
Link to this page: http://www.wikipatents.com/5541911.html
Inventor(s): Nilakantan; Chandrasekharan (Cupertino, CA); Yum; Kiho (Campbell, CA); Lin; Ta-Sheng (San Jose, CA)
Abstract: Network traffic from a central device across a communication link to a remote device is controlled based upon central traffic management resources in the central device. The central traffic management resources are coupled to a communication link and monitor data packets received across the communication link to learn characteristics of the remote network. Based on the learned characteristics, traffic management messages are generated in the central traffic management resources. These messages are forwarded to an interface device on the remote network, where traffic on the communication link is controlled in response to the traffic management messages. Thus, the remote interface is configured automatically by central traffic management resources running in the central device without human intervention at the remote network. The traffic management messages manage traffic across a communication link of two types. First, traffic management messages identify types of packets to be forwarded from the remote interface across the communication link. Second, traffic management messages identify types of packets to be composed by the remote interface for communication to users of the remote network. Thus, packets originating on the remote network are filtered so that only necessary packets are forwarded to the central site. Similarly, packets which normally originate from the central site are "spoofed" at the remote site in response to management messages generated at the central site. The central traffic management resources execute a transport protocol for the traffic management messages which is independent of a network address for the remote interface.
   














Owner/Assignee: 3Com Corporation (Santa Clara, CA)
Publication Date: July 30, 1996
Application Number: 08/321,748
Filing Date: October 12, 1994
US Classification: 370/422 370/255 370/426 709/242
Int'l Classification: H04L 012/26
Examiner: Marcelo; Melvin
Attorney/Law Firm: Haynes & Davis
USPTO Field of Search: 370/17 370/60 370/60.1 370/85.13 370/85.14 370/94.1 370/94.2 370/13

References

U.S. References

Patent No.   Inventor   US Class   Date
5434863      Onishi     -          Jul 1995
5423002      Hart       709/249    Jun 1995
5321694      Chang      370/235    Jun 1994
5313465      Perlman    370/254    May 1994
5280470      Buhrke     370/232    Jan 1994
5280481      Chang      370/352    Jan 1994
Claims
 


We claim:

1. An apparatus for controlling network traffic from a central device across a communication link to a remote network connected to the communication link by a remote interface, comprising:

central traffic management resources in the central device, coupled to the communication link which monitor contents of data packets received across the communication link to learn characteristics of the remote network, produce traffic management messages in response to the learned characteristics, and forward the traffic management messages to the remote interface where traffic on the communication link is controlled in response to the traffic management messages.

2. The apparatus of claim 1, wherein the traffic management messages identify types of packets to be forwarded from the remote interface across the communication link.

3. The apparatus of claim 1, wherein the traffic management messages identify types of packets to be composed by the remote interface for communication to users of the remote network.

4. The apparatus of claim 1, wherein the central traffic management resources execute a transport protocol for the traffic management messages independent of a network address for the remote interface.

5. A system for controlling traffic across a communication link between a remote network and a central device, comprising:

a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;

central link management resources in the central device which monitor contents of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of network protocols executed by users of the remote network, and in response to the learned characteristics, generate link management messages, and forward the link management messages to the remote interface; and

remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link.

6. The system of claim 5, wherein the central link management resources also generate remote network management messages based on a protocol executed by other users of the central device, and forward the remote network management messages to the remote interface; and further including

remote network management resources in the remote interface which produce network management packets in response to the remote network management messages, and communicate the network management packets to the users of the remote network as needed according to the protocol.

7. The system of claim 6, wherein the central link management resources monitor characteristics of data packets received from other users of the central device to learn about changes which need to be made to the network management packets produced in the remote network management resources, generate network management messages indicating the changes, and forward the network management messages to the remote interface; and further including

resources in the remote network interface which change the network management packets in response to the network management messages indicating the changes.

8. The system of claim 5, wherein the remote interface has a network address, and further including a transport mechanism which provides for communication of the link management messages to the remote interface, wherein the transport mechanism is independent of the network address of the remote interface.

9. The system of claim 6, wherein the remote interface has a network address, and further including a transport mechanism which provides for communication of the link management messages and the remote network management messages to the remote interface, wherein the transport mechanism is independent of the network address of the remote interface.

10. The system of claim 5, wherein the forwarding rules include a filter based upon source addresses in the data packets.

11. The system of claim 5, wherein the central device includes resources which forward data packets having destination addresses equal to addresses of users of the remote network across the communication link to the remote interface, which forwards the packets to the users of the network.

12. A system for controlling traffic across a communication link between a remote network and a central device, comprising:

a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;

central link management resources in the central device which monitor characteristics of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of users of the remote network, and in response to the learned characteristics, generate link management messages, and forward the link management messages to the remote interface; and

remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link;

wherein the forwarding rules include a table of source addresses, and the forwarding resources do not forward broadcast data packets having source addresses in the table to the central device.

13. The system of claim 12, wherein the remote link management resources update the table of source addresses in response to the link management messages received from the central link management resources.

14. The system of claim 13, wherein the central device includes multiprotocol router resources, and users of the remote network access the multiprotocol router resources through the remote interface.

15. A system for controlling traffic across a communication link between a remote network and a central device, comprising:

a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;

central link management resources in the central device which monitor characteristics of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of users of the remote network, and in response to the learned characteristics generate link management messages, and forward the link management messages to the remote interface; and

remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link;

wherein the central device includes multiprotocol router resources, the remote interface has a network address, and users of the remote network access the multiprotocol router resources by sending packets through the remote interface where the forwarding resources forward such packets to the central device.

16. A system for controlling traffic across a communication link between a remote network and a central device, comprising:

a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;

central link management resources in the central device which monitor characteristics of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of users of the remote network, and in response to the learned characteristics, generate link management messages, and forward the link management messages to the remote interface, and also generate remote network management messages based on a protocol executed by other users of the central device, and forward the remote network management messages to the remote interface;

remote link management resources in the remote interface responsive to the link management messages received from the central link management resources to tailor the forwarding rules to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link; and

remote network management resources in the remote interface which produce network management packets in response to the remote network management messages, and communicate the network management packets to the users of the remote network as needed according to the protocol;

wherein the remote network management resources include a table of network management packets to be communicated to users of the remote network according to the protocol, and resources to update the table in response to the network management messages.

17. The system of claim 16, wherein the central link management resources monitor characteristics of data packets received from other users of the central device to learn about changes which need to be made to the network management packets produced in the remote network management resources, generate network management messages indicating the changes, and forward the network management messages to the remote interface; and further including

resources in the remote network interface which change the remote network management packets in response to the network management messages indicating the changes.

18. A system for controlling traffic across a communication link between a remote network and a central device, comprising:

a remote network interface, connected to the remote network, including data forwarding resources which according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets;

central link management resources in the central device which generate remote network management messages based on a protocol executed by other users of the central device, and forward the remote network management messages to the remote interface;

remote network management resources in the remote interface which produce network management packets in response to the remote network management messages, and communicate the network management packets to the users of the remote network as needed according to the protocol; and

wherein the central device includes multiprotocol router resources, the remote interface has a network address, and users of the remote network access the multiprotocol router resources by sending packets through the remote interface where the forwarding resources forward such packets to the central device.

19. The system of claim 18, wherein the central link management resources monitor characteristics of data packets received from other users of the central device to learn about changes which need to be made to the network management packets produced in the remote network management resources, generate network management messages indicating the changes, and forward the network management messages to the remote interface; and further including

resources in the remote network interface which change the network management packets in response to the network management messages indicating the changes.

20. The system of claim 18, further including a transport mechanism which provides for communication of the remote network management messages to the remote interface, wherein the transport mechanism is independent of the network address of the remote interface.

21. An apparatus that connects a first network and a second network, comprising:

a communication link;

a first processor, having a first interface coupled to the first network through which frames of data are transmitted and received to and from the first network and a second interface coupled to the communication link through which frames of data are transmitted and received to and from the communication link, the first processor providing network services to frames of data received through the first and second interfaces from users of the first and second networks and transmitting frames of data through the first interface to users of the first network and through the second interface across the communication link to users of the second network; and

a second processor, coupled to the second network and to the communication link, the second processor forwarding frames of data from users of the second network, which request the network services, or broadcast frames, across the communication link to the second interface of the first processor, and forwarding frames of data received across the communication link from the first processor to the second network;

a link manager in the first processor which monitor packets received across the communication link to learn characteristics of users of the second network, produce traffic management messages in response to the learned characteristics, and forward the traffic management messages to the second processor; and

a link manager agent in the second processor which filters broadcast frames in response to the traffic management messages.

22. The apparatus of claim 21, including:

resources in the first processor which generate traffic management messages based on a protocol executed by users of the first network;

resources in the second processor which produce network management packets in response to the traffic management messages, and communicate the network management packets to the users of the second network as needed according to the protocol.

23. The apparatus of claim 22, wherein the resources in the first processor monitor characteristics of data packets received from users of the first network to learn about changes which need to be made to the network management packets produced by the resources in the second processor, generate traffic management messages indicating the changes, and forward the traffic management messages to the second processor; and further including

resources in the second processor which change the network management packets in response to the traffic management messages indicating the changes.

24. The apparatus of claim 21, further including a transport mechanism which provides for communication of the traffic management messages to the second processor, wherein the transport mechanism is independent of the network address of the second processor.

25. The apparatus of claim 21, wherein the first processor includes multiprotocol router resources, and users of the second network access the multiprotocol router resources by sending packets through the second processor which forwards such packets to the first processor.

26. A method for managing traffic between a first node and second node connected by a communication link; comprising:

monitoring with processing resources in the first node contents of packets in traffic transmitted to and received from the network through the second node across the communication link;

developing with processing resources in the first node, a traffic management policy in the first node in response to the contents of the packets; and

delegating to the second node across the communication link, resources to execute the traffic management policy.

27. The method of claim 26, wherein the step of monitoring includes determining whether a packet received across the communication link in the first node is a broadcast packet, and what source originated the packet, and the step of delegating includes sending a source address of a source which originates broadcast packets not needed at the first node, so that the second node can filter broadcast packets having said source address.

28. The method of claim 26, wherein the step of monitoring includes determining whether a packet transmitted to the second node across the communication link is a periodic packet and whether the second node has received the periodic packet before, and step of delegating includes sending an indication of contents of the periodic packet if it has been sent to the second node before, so that the second node can spoof said periodic packet.

29. The method of claim 26, wherein the step of delegating includes providing a transport mechanism by which the first node and the second node communicate across the communication link, wherein the transport mechanism is independent of any configured network address.

30. The method of claim 26, including providing multiprotocol routing resources in the first node.

31. A method for managing traffic between a first node and second node connected by a communication link; comprising:

providing multiprotocol routing resources in the first node;

monitoring with processing resources in the first node characteristics of traffic transmitted to and received from the second node across the communication link, the characteristics including (1) whether a packet received across the communication link in the first node is a broadcast packet, and what source originated the packet, and (2) whether a packet transmitted to the second node across the communication link is a periodic packet and whether the second node has received the periodic packet before;

developing with processing resources in the first node, traffic management messages in response to the characteristics, wherein the traffic management messages include a source address of a source which originates broadcast packets not needed at the first node, so that the second node can filter broadcast packets from having the delegated source address, and the traffic management messages include an indication of contents of a periodic packet if it has not been sent to the second node before, so that the second node can spoof the periodic packet;

providing a transport mechanism by which the first node and the second node communicate traffic management messages across the communication link independent of any configured network address; and

sending the traffic management messages to the second node across the communication link using the transport mechanism, so that processing resources in the second node can control the traffic in response to the traffic management messages.
Description
 


LIMITED COPYRIGHT WAIVER

A portion of the disclosure of this patent document contains material to which the claim of copyright protection is made. The copyright owner has no objection to the facsimile reproduction by any person of the patent document or the patent disclosure, as it appears in the U.S. Patent and Trademark Office file or records, but reserves all other rights whatsoever.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to interconnecting data networks, and more particularly to managing traffic between interconnected networks for efficient use of communication resources.

2. Description of Related Art

A trend toward connecting remote offices to headquarters through wide area networks (WANs) is rapidly picking up speed. Using interconnected networks, people working in remote offices may gain access to electronic mail systems, client server applications, shared files, and other corporate resources which are managed at the central site.

Technologies have been developing to facilitate the interconnecting of remote offices to meet this need. One example is the boundary routing systems architecture of 3Com Corporation, the assignee of the present application, as described in U.S. Pat. No. 5,423,002. See also, "Plug in to Remote Connectivity", NetAge, published by 3Com Corporation, Vol. 3, No. 2, March/April 1994, p. 1-5. According to the boundary routing systems architecture, a remote network is provided with an extended interface to network management resources, such as a multiprotocol router located at a central site. All management of the router is done by an administrator at a central site, who does not need to visit the remote site to ensure full access to users of the remote network. The extended interface is provided by transparently inserting a WAN connection between the central site and the remote network.

One of the significant expenses of interconnecting remote offices to the central site is the cost of WAN services. For instance, local area networks often generate substantial background traffic. For example, NetWare routers, distributed by Novell, Inc., which run the Internetwork Packet Exchange (IPX) protocol, execute the so-called Routing Information Protocol (RIP) and Service Advertising Protocol (SAP). The RIP protocol involves periodic RIP broadcast packets containing all routing information known to the router. The packets are used to keep the internetwork synchronized and provide a means of aging those networks which might become inaccessible. Also, the SAP protocol involves periodically sending SAP broadcast packets containing all server information known to the SAP agent. These broadcasts keep all routers on the internetwork synchronized to provide a means of aging servers in the network. WAN usage by the background broadcasts can be quite high.

Thus, there is a need to manage the usage of WAN services, without unduly increasing the administration required at remote sites, and without unduly restricting usage of resources at the headquarters by the remote network.

SUMMARY OF THE INVENTION

The present invention provides an apparatus which controls network traffic between a central device and a remote device across a communication link based upon central traffic management resources in the central device. The central traffic management resources are coupled to the communication link and monitor data packets received across the communication link to learn characteristics of the remote network. Based on the learned characteristics, traffic management messages are generated in the central traffic management resources. These messages are forwarded to an interface device on the remote network, where traffic on the communication link is controlled in response to the traffic management messages. Thus, the remote interface is configured automatically by central traffic management resources running in the central device without human intervention at the remote network.

The traffic management messages manage traffic across a communication link of two types. Traffic management messages identify (1) types of packets to be forwarded from the remote interface across the communication link, and (2) types of packets to be transmitted by the remote interface to users of the remote network. Thus, packets originating on the remote network are filtered so that only necessary packets are forwarded to the central site. Similarly, packets which normally originate from the central site are "spoofed" at the remote site in response to management messages generated at the central site.

To further enhance the "plug and play" aspect of the present invention, the central traffic management resources execute a transport protocol for the traffic management messages which is independent of a network address for the remote interface.

The present invention can also be characterized as a system for controlling traffic across a communication link between a remote network and a central device. The system, according to this aspect, comprises a remote network interface, connected to the remote network, including data forwarding resources which, according to forwarding rules, forward data packets originated by users of the remote network across the communication link to the central device in response to characteristics of the data packets. In addition, central link management resources are located in the central device. These resources monitor characteristics of the forwarded data packets received across the communication link from the remote network interface to learn characteristics of users of the remote network. In response to the learned characteristics, these resources generate link management messages and forward the link management messages to the remote interface. Remote link management resources in the remote interface are responsive to the link management messages. In response to these messages, the forwarding rules are tailored to the learned characteristics of the users of the remote network to reduce unnecessary traffic on the communication link.

The central link management resources may also generate remote network management messages based on a protocol executed by other users of the central device, and forward these remote network management messages to the remote interface. In this aspect, the remote network management resources in the remote interface produce network management packets in response to the remote network management messages, and communicate the network management packets to the users of the remote network as needed according to the protocol. Thus, network management packets normally originated at the central site are spoofed by the remote interface, further reducing the amount of traffic required to go through the WAN link.

The central link management resources may also monitor characteristics of data packets received from the other users of the central device to learn about changes which need to be made in the network management packets produced in the remote network management resources. In response to these learned changes, network management messages indicating the changes are generated and forwarded to the remote interface. Resources in the remote network interface change the remote network management packets in response to the network management messages indicating the changes.

A transport mechanism is included in the system which provides for communication of the link management messages and the network management messages to the remote interface independent of the network address of the remote interface.

According to yet another aspect of the present invention, the WAN traffic management is implemented in the boundary router systems architecture, in which the remote interface forwards unicast frames of data from users of the second network which are addressed to an extended interface of the central site and broadcast frames, across a communication link to the central site, and forwards frames received from the central site to the remote network when they are not addressed to the remote interface. In this environment, the link manager in the central site monitors packets received across the communication link to learn the characteristics of the remote network and produces traffic management messages in response to the learned characteristics. These traffic management messages are forwarded to the remote interface where a link manager agent filters broadcast frames in response to the traffic management messages. Also, the link manager and link manager agent may be set up to spoof network management frames which would normally be generated at the central site, as described above.

Accordingly, the present invention provides a "Smart Filtering" mechanism by which a remote office may be interconnected to a central site with very low administrative overhead, and with carefully managed WAN traffic. The system provides for learning the characteristics of the remote network, and keeping the remote network informed of changes occurring in the central site. Based on these characteristics, a filtering/spoofing agent is enabled automatically in the remote site to manage WAN traffic based upon advice from the central site.

Other aspects and advantages of the present invention can be seen upon review of the figures, the detailed description, and the claims which follow.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a schematic diagram of networks interconnected according to the present invention with a Smart Filtering manager on the central node, and Smart Filtering agents on leaf nodes.

FIG. 2 is a schematic illustration of a boundary routing environment illustrating "protocol islands".

FIG. 3 is a more detailed schematic diagram of a Smart Filtering system according to the present invention.

FIG. 4 is a schematic diagram of resources on the central node and leaf node executing the Smart Filtering protocol according to the present invention.

FIG. 5 is a schematic diagram of a boundary router system according to the present invention.

FIG. 6 is a schematic diagram of the resources of a boundary router central node and leaf node according to the present invention.

FIG. 7 is a more detailed schematic diagram of the resources executing Smart Filtering according to a preferred embodiment of the present invention.

FIG. 8 is a "pseudo-code" diagram of the startup routine for a Smart Filtering port according to the present invention.

FIG. 9 is a "pseudo-code" diagram of run time Smart Filtering adjustments according to the present invention.

FIG. 10 is a "pseudo-code" diagram of an algorithm used for shutting down the Smart Filtering function on a port.

FIG. 11 is a "pseudo-code" illustration of an algorithm for handling exceptions in the Smart Filtering environment.

FIG. 12 is a "pseudo-code" illustration of the Smart Filtering trigger algorithm according to the present invention.

FIG. 13 provides a perspective of "address-less" transport mechanisms used in one aspect of the present invention.

DETAILED DESCRIPTION

FIG. 1 provides a perspective of a plurality of interconnected networks, including a central node 10, a leaf node 11, and a leaf node 12. The central node 10 may comprise a network intermediate system, such as a multiprotocol router. One example of the multiprotocol router is known as the NetBuilder II system provided by 3Com Corporation of Santa Clara, Calif.

This central node 10 is coupled to a first local area network 13 which includes a plurality of network servers, generally 14, a plurality of network clients, generally 15, and connections to other local area networks, or wide area networks, schematically represented by the cloud 16. In addition, the central node 10 may be connected to a second LAN 17 which includes a number of clients and servers not shown and may be connected to other LANs or WANs, as represented by cloud 18.

The central node 10 is connected by a point to point wide area network link 22 to leaf node 11. Leaf node 11 is coupled to a local area network 19 which includes network servers, generally 20, and network clients, generally 21.

Central node 10 is also connected through a switched wide area network communication link 23 to leaf node 12. Leaf node 12 is connected to a local area network 24 which includes a network server 25, and network client 26. Also, the LAN 24 may be connected to a "protocol island", generally 27, which may include a number of devices which execute a protocol that is not handled by resources on the central node 10. Thus, packets from the protocol island 27 are not routed by the multiprotocol router at the central node 10.

According to the present invention, the central node 10 includes a Smart Filtering manager 28, leaf node 11 includes a Smart Filtering agent 29, and leaf node 12 includes a Smart Filtering agent 30. The Smart Filtering manager 28 monitors data packets received across the communication links 22 or 23, to learn characteristics of the remote networks 19 or 24, respectively. The manager produces traffic management messages in response to the learned characteristics, and forwards the traffic management messages to the Smart Filtering agents 29 and 30 on the leaf nodes 11 and 12. The leaf nodes 11 and 12 respond to the traffic management messages to control the traffic which must be forwarded across the wide area links 22 and 23. For instance, the Smart Filter manager may detect certain network management packets which are generated by servers 20 on the LAN 19, which need not be forwarded to the central node every time they are generated. In response to this learned characteristic of the remote network, a traffic management message is sent to the leaf node 11 where the Smart Filter agent 29 implements a filter to prevent forwarding of such packets across the link 22.

Also, the Smart Filter manager 28 may detect certain types of packets which are forwarded from the central node 10 to the remote networks 19 and 24 through the leaf nodes 11 and 12, respectively, which do not provide new information to the remote networks. These messages need not be forwarded from the central node across links 22 and 23, provided traffic management messages are sent to the leaf nodes 11 and 12, where the Smart Filter agents 29 and 30 set up resources to spoof these traffic management packets for the remote networks.

FIG. 2 provides a perspective view of the protocol island environment. In FIG. 2, central router 40 is connected across a WAN link 41 to leaf L1 (42). Leaf L1 is connected to a LAN 43 to which a VINES network 44 is attached. The central router 40 is also connected directly to network N1 (45). Network N1 is coupled to a group 46 of workstations which execute the AppleTalk protocol. The central router 40 is also coupled to a second leaf L2 (47) across a WAN link 48, to a third leaf L3 (48) across WAN link 49, and to a second directly attached network N2 (50).

The second leaf L2 is coupled to a network 51. Network 51 is coupled to a group 52 of terminals which execute the LAT protocol. As illustrated in the figure, the second leaf L2, the third leaf L3, and the second attached network N2 all operate in an IPX routing environment represented by cloud 53. Protocol islands exist in the VINES group 44, the AppleTalk group 46, and the LAT group 52. These protocol islands are networked topologies that are always confined to a single leaf network and have no interconnection needs with other leaf networks or the central router 40.

The IPX routing cloud illustrates that the domain of IPX routing may include an entire leaf network 48, or a partial leaf network, such as the network 51 connected to the second leaf L2. Thus, the multicast and broadcast traffic generated by the protocol islands 44, 46, and 52 need not be communicated across the wide area links 41, 48, and 49, because they would simply be discarded at the central router 40, so long as it is running strictly as a router for the particular port on which they are received. For example, in the leaf network 51 above, all LAT broadcast and multicast packets would leak to the central router 40 and be discarded there, because the central router would only be doing IPX routing over the port connected to link 48. This type of traffic is the kind of WAN overhead that should be removed using the Smart Filtering of the present invention.
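The leaf L2 case above can be modelled in a few lines. This is an added illustration, not the patent's pseudo-code from FIGS. 8-12: the class names, the `filter_broadcast` message, and the dictionary message format are hypothetical stand-ins for the traffic management messages and their transport, and the frames are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    protocol: str    # protocol family of the frame, e.g. "IPX" or "LAT"
    broadcast: bool  # True for broadcast or multicast frames

class SmartFilterManager:
    """Central node side: learns from frames received on one WAN port."""
    def __init__(self, routed_protocols):
        self.routed = set(routed_protocols)  # protocols routed on this port
        self.advised = set()                 # protocols already reported to the leaf

    def observe(self, frame):
        """Return a traffic management message, or None if nothing new was learned."""
        if (frame.broadcast and frame.protocol not in self.routed
                and frame.protocol not in self.advised):
            self.advised.add(frame.protocol)
            # Hypothetical message layout; the patent carries this via SNMP/MIB.
            return {"op": "filter_broadcast", "protocol": frame.protocol}
        return None

class SmartFilterAgent:
    """Leaf node side: applies the filters advised by the manager."""
    def __init__(self):
        self.blocked = set()

    def apply(self, message):
        if message["op"] == "filter_broadcast":
            self.blocked.add(message["protocol"])

    def should_forward(self, frame):
        return not (frame.broadcast and frame.protocol in self.blocked)

def simulate(frames, routed_protocols):
    """Return (frames that crossed the WAN link, protocols blocked at the leaf)."""
    manager, agent = SmartFilterManager(routed_protocols), SmartFilterAgent()
    crossed = []
    for frame in frames:
        if not agent.should_forward(frame):
            continue                      # dropped at the leaf, never uses the link
        crossed.append(frame)
        message = manager.observe(frame)  # central node learns from what arrives
        if message:
            agent.apply(message)          # leaf is configured without local admin
    return crossed, agent.blocked

# Constructed traffic on leaf network 51: LAT island broadcasts mixed with IPX.
SAMPLE_FRAMES = [Frame("LAT", True), Frame("IPX", True), Frame("LAT", True),
                 Frame("LAT", True), Frame("IPX", True)]
```

Only the first LAT broadcast reaches the central router; once the manager has seen it on a port that routes IPX alone, the later LAT broadcasts are dropped at the leaf while IPX broadcasts continue to cross.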

FIG. 3 illustrates the basic structure for implementing the Smart Filter master and Smart Filter agent. The widely applied Simple Network Management Protocol (SNMP) is used as one example of the basic transport mechanism. In FIG. 3, the central router is represented by box 60. Within the central router 60, Smart Filter master code 61 is implemented, which includes an interface 62 to the SNMP transport mechanism 65. The SNMP transport mechanism 65 is coupled to the port 63. Port 63 is connected to a WAN link 64. This WAN link 64 is connected to the SNMP transport mechanism 66 in the leaf node 67. The SNMP transport mechanism 66 is linked by interface 68 to Smart Filtering agent code 69, which includes an SNMP management information base (MIB). The Smart Filtering agent 69, in response to information in the MIB, performs packet spoofing 70 and packet filtering 71 for the leaf LAN 72.

Although an actual implementation may not be a strict layering, these resources can also be illustrated as shown in FIG. 4. In particular, a wide area link 90 interconnects a leaf node 91 and a central node 92. The central node 92 includes routed protocol resources 93 for routing a variety of protocols in a network. Coupled with the routed protocol resources 93 are Smart Filter trigger resources 94. These resources may be embedded within the routed protocol resources 93, or separately implemented, depending on the particular software architecture utilized. Coupled with the trigger resources 94 are leaf node setup resources 95. These resources determine, based on the trigger resources 94, what actions to delegate to the leaf node 91 for filtering and spoofing.

Coupled with the leaf node 91 set up resources 95 is a Smart Filter manager/agent transport mechanism 96. This mechanism provides for transport across the WAN link 90 to a Smart Filter manager/agent transport module 97 in the leaf node 91. The transport provides for communication of messages concerning traffic management to the leaf node 91 set up resources 98, which are utilized by the filter and spoof resources 99 to manage traffic across the WAN link 90. As discussed above, SNMP with MIB objects is one mechanism which may be used for this transport. Alternatives include IP User Datagram Protocol (UDP) with the UI command/parameter conventions, the Transmission Control Protocol (TCP), and specially designed protocols.

In one implementation of the present invention, the central node 92 is a multiprotocol router which includes the boundary routing system architecture for selected ports. The leaf node 91 is a remote interface for the central node 92 which forwards packets that are addressed to the interface on the central node for the leaf network across the