Abstract: Techniques for separately accounting for multiple transactions in the same data packets communicated over a network using Transport Control Protocol (TCP) include receiving an Internet Protocol (IP) data packet that includes Transport Control Protocol (TCP) payload data. The TCP payload is parsed to determine boundary data that indicates a byte location on a boundary between a first transaction and a second transaction. A byte count that indicates a number of bytes in the TCP payload associated with the first transaction is determined based on the boundary data. Accounting data for the first transaction is determined based at least in part on the byte count. These techniques allow a service gateway to bill separately for different requests and responses carried in TCP data packets, such as those for Hypertext Transfer Protocol (HTTP) and Real Time Streaming Protocol (RTSP).

Abstract: In one embodiment, a method includes receiving quality if service difference data. Quality of service difference data indicates how a particular flow of data packets between a first end node of a particular subscriber and a different second end node differs from a particular quality of service level. The particular quality of service level is one of multiple quality of service levels available over the network. Quality of service data based on the quality of service difference data is sent to billing server that charges the particular subscriber based on the quality of service data.

Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

Abstract: Techniques for separately accounting for multiple transactions in the same data packets communicated over a network using Transport Control Protocol (TCP) include receiving an Internet Protocol (IP) data packet that includes Transport Control Protocol (TCP) payload data. The TCP payload is parsed to determine boundary data that indicates a byte location on a boundary between a first transaction and a second transaction. A byte count that indicates a number of bytes in the TCP payload associated with the first transaction is determined based on the boundary data. Accounting data for the first transaction is determined based at least in part on the byte count. These techniques allow a service gateway to bill separately for different requests and responses carried in TCP data packets, such as those for Hypertext Transfer Protocol (HTTP) and Real Time Streaming Protocol (RTSP).

Abstract: Techniques for separately accounting for multiple transactions in the same data packets communicated over a network using Transport Control Protocol (TCP) include receiving an Internet Protocol (IP) data packet that includes Transport Control Protocol (TCP) payload data. The TCP payload is parsed to determine boundary data that indicates a byte location on a boundary between a first transaction and a second transaction. A byte count that indicates a number of bytes in the TCP payload associated with the first transaction is determined based on the boundary data. Accounting data for the first transaction is determined based at least in part on the byte count. These techniques allow a service gateway to bill separately for different requests and responses carried in TCP data packets, such as those for Hypertext Transfer Protocol (HTTP) and Real Time Streaming Protocol (RTSP).

Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

Abstract: In one embodiment, a method includes receiving quality if service difference data. Quality of service difference data indicates how a particular flow of data packets between a first end node of a particular subscriber and a different second end node differs from a particular quality of service level. The particular quality of service level is one of multiple quality of service levels available over the network. Quality of service data based on the quality of service difference data is sent to billing server that charges the particular subscriber based on the quality of service data.

Abstract: A method for distributing information in a network environment is provided that includes receiving one or more packets from a communication flow initiated by an end user and selectively communicating information associated with the communication flow to a network element so that the network element may correlate a source with the communication flow.

Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

Abstract: Techniques for separately accounting for multiple transactions in the same data packets communicated over a network using Transport Control Protocol (TCP) include receiving an Internet Protocol (IP) data packet that includes Transport Control Protocol (TCP) payload data. The TCP payload is parsed to determine boundary data that indicates a byte location on a boundary between a first transaction and a second transaction. A byte count that indicates a number of bytes in the TCP payload associated with the first transaction is determined based on the boundary data. Accounting data for the first transaction is determined based at least in part on the byte count. These techniques allow a service gateway to bill separately for different requests and responses carried in TCP data packets, such as those for Hypertext Transfer Protocol (HTTP) and Real Time Streaming Protocol (RTSP).

Abstract: An apparatus for charging in a network environment is provided that includes an access gateway encapsulation/decapsulation element operable to establish one or more packet data protocol (PDP) links on behalf of an end user and to perform encapsulation and decapsulation operations for one or more of the links associated with the end user. The access gateway encapsulation/decapsulation element is further operable to interface with a client services packet gateway (CSPG) that is operable to provide enhanced packet processing for the end user for requested information. The apparatus also includes an access gateway policy element operable to interface with the CSPG. The access gateway encapsulation/decapsulation element and the access gateway policy element cooperate to use one or more inter-module headers in order to coordinate the enhanced packet processing for one or more communication flows associated with the end user.

Abstract: An apparatus for charging in a network environment is provided that includes an access gateway encapsulation/decapsulation element operable to establish one or more packet data protocol (PDP) links on behalf of an end user and to perform encapsulation and decapsulation operations for one or more of the links associated with the end user. The access gateway encapsulation/decapsulation element is further operable to interface with a client services packet gateway (CSPG) that is operable to provide enhanced packet processing for the end user for requested information. The apparatus also includes an access gateway policy element operable to interface with the CSPG. The access gateway encapsulation/decapsulation element and the access gateway policy element cooperate to use one or more inter-module headers in order to coordinate the enhanced packet processing for one or more communication flows associated with the end user.

Abstract: An apparatus for managing information in a network environment is provided that includes a content service gateway operable to communicate with an end user in order to facilitate a communication session. The communication session relates to a request by the end user for content or for a service. A quota server coupled to the content service gateway is operable to receive a service authorization request from the content service gateway relating to the communication session. The service authorization request operates to authorize access to the service or to the content for the end user.

Abstract: A system and method are described for selecting a server to handle a connection. The method includes receiving at a service manager a connection request intercepted by a network device having a forwarding agent that is operative to receive instructions from a service manager, the connection request having been forwarded from the forwarding agent on the network device to the service manager. A preferred server is selected at the service manager from among a group of available servers. The preferred server is the server that is to service the connection request. Instructions are sent from the service manager to the forwarding agent. The instructions include the preferred server that is to service the connection request so that the connection request may be forwarded from the network device to the preferred server.

Abstract: A method for communicating in a loadbalancing environment is provided that in a particular embodiment includes receiving a request packet from a network access server (NAS) to initiate a communication session. The request packet is then communicated to a tunneling protocol network server (TPNS) and a response packet is received in response to the request packet. The response packet establishes a tunnel that facilitates the communication session and that includes an identification element associated with the TPNS such that a data transfer associated with the communication session is executed between the NAS and the TPNS.

Abstract: A network is disclosed that includes a first tier of forwarding agents connected to a first tier of network devices. A second tier of forwarding agents is connected to a second tier of network devices. A service manager is configured to receive a packet from one of the forwarding agents; determine the tier of the forwarding agent; and send an instruction to the forwarding agent directing the forwarding agent to forward the packet to a network device connected to the tier of forwarding agents that includes the forwarding agent.

Abstract: An apparatus for managing network access is provided that includes a billing system element operable to receive one or more packets of a communication flow and to communicate with a price server. The price server is operable to receive a query from the billing system element associated with a pricing parameter relating to a data segment to be accessed by an end user associated with the communication flow. The price server is also operable to return a response to the billing system element that includes the pricing parameter relating to the data segment such that the end user can verify the pricing parameter before accessing the data segment.

Abstract: A network is disclosed that includes a first tier of forwarding agents connected to a first tier of network devices. A second tier of forwarding agents is connected to a second tier of network devices. A service manager is configured to receive a packet from one of the forwarding agents; determine the tier of the forwarding agent; and send an instruction to the forwarding agent directing the forwarding agent to forward the packet to a network device connected to the tier of forwarding agents that includes the forwarding agent. filed Jul. 2, 1999 (Attorney Docket No. CISCP519) entitled SENDING INSTRUCTIONS FROM A SERVICE MANAGER TO FORWARDING AGENTS ON A NEED TO KNOW BASIS which is incorporated herein by reference for all purposes; and co-pending U.S. patent application Ser. No. 09/347,126, filed Jul. 2, 1999 (Attorney Docket No. CISCP520) entitled DISTRIBUTION OF NETWORK SERVICES AMONG MULTIPLE SERVICE MANAGERS WITHOUT CLIENT INVOLVEMENT, filed Jul.