(19)
(11)EP 2 357 772 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
11.01.2017 Bulletin 2017/02

(21)Application number: 10171709.8

(22)Date of filing:  03.08.2010
(51)International Patent Classification (IPC): 
H04L 29/06(2006.01)

(54)

Video transcoding using a proxy device

Video-Transcodierung mithilfe einer Proxyvorrichtung

Transcodage vidéo au moyen d'un dispositif proxy


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

(30)Priority: 17.02.2010 US 707436

(43)Date of publication of application:
17.08.2011 Bulletin 2011/33

(73)Proprietor: Juniper Networks, Inc.
Sunnyvale, CA 94089-1206 (US)

(72)Inventors:
  • Kalra, Sanjay
    San Jose, CA 95136 (US)
  • Mallya, Raghavendra
    San Ramon, CA 94583 (US)
  • Athreya, Anand S.
    San Jose, CA 95119 (US)

(74)Representative: D Young & Co LLP 
120 Holborn
London EC1N 2DY
London EC1N 2DY (GB)


(56)References cited: : 
EP-A2- 1 079 573
US-B1- 7 512 118
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description

    BACKGROUND



    [0001] Communication networks typically include devices, such as firewalls, routers, switches or gateways, which transfer or switch data, such as packets, from one or more sources to one or more destinations. A firewall or gateway device, for example, may permit, deny, encrypt, decrypt, or proxy traffic between different security domains based upon a set of rules and other criteria.

    [0002] Entities, such as corporations, may use firewall/gateway devices to limit access to resources. For example, a firewall may be used to block access to certain external websites by employees. A firewall or gateway device may also be used to limit the use of a particular resource. For example, video sessions using certain video codecs (video coder-decoder protocols) may be blocked.

    [0003] EP1,079,573 discloses a method and system of managing calls over a data network including determining an available bandwidth of the data network. After a call request is received for establishing a call between at least two network terminals, one or more of a plurality of resource elements are selected in response to the call request based on the bandwidth of the data network. The resource elements, which can include codecs (coders/decoders), packet sizes (for carrying audio data), and others, are used in the requested call between the at least two network terminals. Further, a plurality of communities may be defined each including one or more terminals. One or more usage threshold values may be assigned to a link or links between communities, and a call request is processed based on the one or more usage threshold values. The processing includes at least one of determining whether to admit the call request and selecting resource elements to be used during a call between terminals over the link.

    [0004] US 7,512,118 discloses a message protocol on a communication network between an originating and terminating communication device transmits the cost and quality of service impact of selecting a CODEC standard where no single CODEC is supported in the end-to-end packet transmission. Each call agent server on the communication generates and submits a session initiation protocol (SIP) message containing a data element for the additional cost and a data element for the additional total quality of service degradation, calculating the additions considering all prior calculated data elements. The data elements are part of the session description protocol message. Either the final server prior to the terminating communication device or the terminating communication device operates an algorithm to make an optimal selection and avoid unnecessary high cost or degraded quality of service. The selected CODEC standard is communicated back to the servers in an SIP response message

    SUMMARY



    [0005] The invention is defined in the claims. A method, implemented by a network device, includes: monitoring, by the network device, communications between a plurality of client devices and an external network; detecting, by the network device and based on the monitoring, a negotiation (410, 420, 430) for a video stream occurring between a first client device, of the plurality of client devices and a server device in the external network, the negotiation including at least a first message from the first client device indicating a requested video quality by the first client device; determining, by the network device, a maximum allowed video quality for the first client device; determining, by the network device, whether the video quality requested by the first client device is greater than the maximum allowed video quality; when the video quality requested by the first client device is not greater than the maximum allowed video quality, transmitting, by the network device, the first message to the server device, and when the video quality requested by the first client device is greater than the maximum allowed video quality, modifying, by the network device, the first message to change the requested video quality to be equal to the maximum allowed video quality and transmitting, by the network device, the modified first message to the server device in place of the first message from the client device.

    [0006] A network device includes: input/output ports to connect a plurality of client devices within a local area network to server devices in an external network; and a proxy component, the proxy component being configured to monitor communications between the plurality of client devices and the server devices; to receive information relating to a maximum allowed video quality corresponding to users of the plurality of client devices, to intercept messages from the plurality of client devices relating to codec negotiations for video streams requested by the client devices, and either, when a video quality requested in a first intercepted message (420) is not above the maximum allowed video quality of the user corresponding to the first intercepted message to transmit the first intercepted message, or, when a video quality requested in the first intercepted message is above the maximum allowed video quality of the user corresponding to the first intercepted message to modify the first intercepted message and to transmit the modified first intercepted message in place of the first message.

    [0007] A device may include a processor; and a memory to store instructions for execution by the processor. The instructions may include instructions to monitor communications between a group of client devices and an external network; detect a negotiation for a video stream occurring between a client device of the group of client devices and a server device in the external network, the negotiation including at least a first message from the client device indicating a requested video quality by the first client device; determine a maximum allowed video quality for the client device; determine whether the requested video quality by the client device is greater than the maximum allowed video quality; modify, when the requested video quality by the first client device is greater than the maximum allowed video quality, the first message to change the requested video quality to be equal to the maximum allowed video quality; and transmit the modified first message to the server device in place of the first message from the client device.

    BRIEF DESCRIPTION OF THE DRAWINGS



    [0008] The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate one or more example embodiments described here and, together with the description, explain these embodiments. In the drawings:

    Fig. 1 is a diagram of an example system in which concepts described herein may be implemented;

    Fig. 2 is a block diagram of an example network device which may correspond to one of network devices shown in Fig. 1;

    Fig. 3 is a diagram of example components of a server shown in Fig. 1;

    Fig. 4 is a diagram illustrating a portion of a system that may perform transcoding of video negotiations;

    Fig. 5 is a diagram illustrating example functional components of a network device;

    Fig. 6 is a flow chart illustrating an example process that may be performed by a network device; and

    Fig. 7 is a timing diagram illustrating example messages exchanged between a client, a network device, and a server.


    DETAINED DESCRIPTION



    [0009] The following detailed description of the invention refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements. Also, the following detailed description does not limit the invention.

    [0010] As described herein, a network device, such as a gateway, firewall, or router may automatically down-negotiate the quality of video sessions on behalf of client to a preset maximum video quality. More specifically, the network device may intercept codec negotiations between the user (client) and the video server by monitoring protocol messages used to negotiate the codec information. The networking device may act as a proxy on behalf of the client and change the codec requested from the video server based on a policy.

    EXAMPLE SYSTEM OVERVIEW



    [0011] Fig. 1 is a diagram of an example system 100 in which concepts described herein may be implemented. System 100 may include a wide area network (WAN) 110 connected to one or more private networks 120-A and 120-B (collectively referred to as private networks 120) and one or more servers 130-A and 130-B (collectively referred to as servers 130). Private networks 120 may each, for example, include corporate or individual local area networks (LANs).

    [0012] WAN 110 may generally include one or more types of networks. For instance, WAN 110 may include a cellular network, a satellite network, the Internet, or a combination of these (or other) networks that are used to transport data. Although shown as a single element in Fig. 1, WAN 110 may include a number of separate networks that function to provide services, such as video content, to private networks 120. Alternatively, the services may be provided to private networks 120 from another private network 120. WAN 110 may be implemented using a number of network devices 115. Network devices 115 may include, for example, routers, switches, gateways, and/or other devices that are used to implement WAN 110.

    [0013] Private networks 120 may each include a number of computing devices, such as, for example, client computing devices 125 ("clients") and network devices 127. Clients 125 may include computing devices of end-users, such as desktop computers, laptops, or hand-held computing devices such as smart phones, notebooks, tablet computers, etc. Network devices 127, similar to network devices 115, may include network devices used to implement private networks 120, such as firewalls, gateways, network acceleration devices, switches, routers, combinations of these devices, or other devices relating to network implementation, control, and/or security.

    [0014] Network devices 115 and 127 may each implement a network operating system that controls the resources of the network device and provides an interface to the network device through which users can modify the configuration of the network device.

    [0015] Servers 130-A and 130-B may each include, for example, a computing device or group of computing devices designed to provide services to clients 125. Servers 130-A and 130-B may particularly include servers that provide video to clients 125.

    [0016] In the example system shown in Fig. 1, two private networks 120-A and 120-B and two servers 130-A and 130-B are shown. In other implementations, system 100 may include additional, fewer, different, or differently arranged networks and/or devices. Additionally, in some implementations, tasks described as being performed by one device in Fig. 1 may be performed by a different one or more devices in Fig. 1.

    EXAMPLE DEVICE ARCHITECTURES



    [0017] Fig. 2 is a block diagram of an example network device 200, which may correspond to one of network devices 115 or 127. In order to increase throughput, network device 200 may use dedicated hardware to assist in processing incoming units of data, such as packets. In some alternative implementations, units of data (data units) other than packets may be used. As shown in Fig. 2, network device 200 may generally include a software portion 220 and a hardware portion 230.

    [0018] Software portion 220 may include software designed to control network device 200. In general, software portion 220 may implement the functions of the network device that are not time critical. The functions described as being performed by software portion 220, may be implemented through, for example, one or more general purpose processors 222 and one or more computer memories 224. Processors 222 may include processors, microprocessors, or other types of processing logic that may interpret and execute instructions. Computer memories 224 (also referred to as computer-readable media herein) may include random access memories (RAMs), read-only memories (ROMs), and/or other types of dynamic or static storage devices that may store information and instructions for execution by one or more processors 222.

    [0019] Hardware portion 230 may include circuitry for efficiently processing packets received by network device 200. Hardware portion 230 may include, for example, logic, such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), and/or a content-addressable memory (CAM). When network device 200 is a router, hardware portion 230 may, for example, receive incoming packets, extract header information for the packets, and process the packets based on the extracted header information. When network device is a firewall or gateway, hardware portion 230 may, for example, receive incoming packets, extract header information from the packets, and match portions of the header information to a lookup table, such as one stored in a ternary content addressable memory, to determine whether the packet should be dropped.

    [0020] Network device 200 may additionally include one or more input ports 250 for receiving incoming packets and one or more output ports 255 for transmitting outgoing packets. In some implementations, a port may act as both or one of an input port 250 or an output port 255. Ports 250/255 may also be used to receive remote user connections for configuring the operation of network device 200.

    [0021] Although network device 200 is shown as including a software portion 220 and a hardware portion 230, network device 200 may, in some implementations, be implemented entirely through hardware. Additionally, network device 200 may include additional, fewer, different, or differently arranged components than those illustrated.

    [0022] Fig. 3 is a diagram of example components of one of servers 130. As shown in Fig. 3, server 130 may include a bus 310, a processor 320, a main memory 330, a read only memory (ROM) 340, a storage device 350, an input device 360, an output device 370, and a communication interface 380. In another implementation, a server 130 may include additional, fewer, different, or differently arranged components than are illustrated in Fig. 3.

    [0023] Bus 310 may include a path that permits communication among the components of the server 130. Processor 320 may include a processor, a microprocessor, or processing logic (e.g., an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA)) that may interpret and execute instructions. Main memory 330 may include a random access memory (RAM) or another type of dynamic storage device that may store information and instructions for execution by processor 320. ROM 340 may include a ROM device or another type of static storage device that may store static information and instructions for use by processor 320. Storage device 350 may include a magnetic and/or optical recording medium and its corresponding drive, or a removable form of memory, such as a flash memory.

    [0024] Input device 360 may include a mechanism that permits an operator to input information to the server 130, such as a keyboard, a mouse, a button, a pen, a touch screen, voice recognition and/or biometric mechanisms, etc. Output device 370 may include a mechanism that outputs information to the operator, including a display, a light emitting diode (LED), a speaker, etc. Communication interface 380 may include any transceiver-like mechanism that enables server 130 entity to communicate with other devices and/or systems. For example, communication interface 380 may include mechanisms for communicating with another device or system via a network, such as network 110. In some implementations, server 130 may be a "headless" server, in which case, input devices 360 and output devices 370 for directly interacting with a user may not be included.

    [0025] Servers 130, as described below, may include servers that provide video to clients 125. As one example of a typical video session, a client may request a video resource from a server 130. The client and server may then negotiate, using a protocol such as SIP (session initiation protocol) or H.323, the codec to use in delivering the video. The negotiation of the codec to use may include, for example, negotiating the type of compression used in delivering the video, the resolution of video (e.g., standard definition or high definition), or other factors relating to how the video is to be delivered to the client. In a typical video negotiation, the client and server will agree on a codec that supports the highest quality video supported by both the client and server.

    TRANSCODING VIDEO NEGOTIATIONS


    BY NETWORK DEVICE



    [0026] Fig. 4 is a diagram illustrating a portion of system 100, including a gateway, firewall, or routing network device 127, that may perform transcoding of video negotiations in order to control video quality delivered to clients 125. Transcoding, as used herein, refers to the conversion or changing of one encoding standard to another. Video transcoding may generally be performed by network device 127 to control the bandwidth of video signals requested by clients 125.

    [0027] As shown, client 125 may communicate with a server, server 130-A. Client 125 may particularly communicate with server 130-A to receive video, such as streaming video, from server 130-A. The communications with server 130-A may be performed through network device 127 and over WAN 110. Network device 127 may operate as a firewall or gateway that controls the access of client 125 to WAN 110.

    [0028] Example communications 410 in a video session between client 125 and server 130-A are illustrated in Fig. 4. Client 125 may request a resource from server 130-A, such as a resource corresponding to video (VIDEO REQ 420). The particular codec to use in sending the resource to client 125 may be negotiated (CODEC NEG 430). The negotiation of the codec may include negotiating the type of compression used for the video, the resolution of video (e.g., standard definition or high definition), or other factors relating to how the video is to be delivered to client 125. Using the negotiated codec, server 130-A may transmit the requested video to client 125 (VIDEO 440).

    [0029] Fig. 5 is a diagram illustrating example functional components of one of network devices 127. Network device 127 may include proxy component 510 and policy engine 520. Proxy component 510 and policy engine 520 may be physically implemented in, for example, software portion 220, hardware portion 230, or a combination of software portion 220 and hardware portion 230 of network device 200.

    [0030] Proxy component 510 may operate to monitor communications between clients 125 and servers 130, and when necessary act as a proxy for a client 125 in communicating with a server 130. In general, a proxy may be a device that acts as an intermediary for requests from clients seeking resources from servers 130. Proxy component 510 may evaluate the request from clients 125 and may request the service on behalf of the client. Consistent with concepts described herein, proxy component 510 may alter the request from a client to modify the codec requested by the client.

    [0031] Whether to modify the codec requested by a client 127, and the codec to use as the modified version of the codec, may be determined by proxy component based on policy engine 520. Policy engine 520 may include a database, file, or other structure used to store policy information for users of clients 127. Policy engine 520 may generally include a model defining access privileges and preferences for the users of clients 127, which may be set, for example, by a network administrator. Policy engine 520 may be located locally on network device 127 or may be located remotely on another network device, such as another network device in the same or different private network 120. Policy engine 520 may particularly include a desired maximum video codec or quality that can be requested by a particular user of a client 125.

    [0032] In some implementations, the policies stored by policy engine 520 may be dynamic and may change, based on, for example, the time of day or the current load on private network 120. For example, policy engine 520 may include policies that limit the video quality that can be delivered to certain users during business hours, but do not limit the quality outside of business hours. As another example, whether to limit video quality may be based on a current network traffic load from private network 120 to WAN 110 (e.g., video quality for certain users may be limited if the traffic to WAN 110 is high but otherwise not limited).

    [0033] Although Fig. 5 shows example functional components of a network device 127, in other embodiments, network device 127 may contain fewer, different, differently arranged, or additional functional components than depicted in Fig. 5.

    [0034] Fig. 6 is a flow chart illustrating an example process 600 that may be performed by a network device 127. Process 600 may be performed by software portion 220, hardware portion 230, or both software portion 220 and hardware portion 230 of network device 127.

    [0035] Process 600 may include monitoring communications between clients 125 and an external network (block 610). Network device 127 may implement process 600 as part of the functionality of a firewall, gateway, or other network device used to manage communications between a private network 120 and an external network, such as WAN 110. Network device 127 may, for example, detect when a new communication session is initiated by a client 125 by, for example, monitoring SIP, H.323, or other protocols, that may be used to begin a video session. Network device 127 may particularly monitor the SIP or H.323 communications to detect when a new codec negotiation is begun with a video server. Monitoring the SIP or H.323 communications may particularly include, for example, scanning SIP or H.323 messages transmitted between clients 125 and servers 130.

    [0036] When a codec video negotiation is started, (block 620 - YES), process 600 may additionally include intercepting the codec negotiation (block 630). For example, process 600 may include intercepting SIP or H.323 messages that are part of the codec negotiation. At this point, proxy component 510 may act as a proxy for client 125 when communicating with server 130.

    [0037] Process 600 may additionally include determining the maximum allowed video quality for the client (block 640). The determination of the maximum allowed video quality may be made based on a lookup using policy engine 520. The maximum allowed quality may be specified in a number of different ways, such as based on a specification of the level of compression of the video stream, the resolution of the video stream, or a maximum average bandwidth. Then lookup using policy engine 520 may include a query based on the client or user associated with the client, which may be identified from the intercepted codec negotiation.

    [0038] Process 600 may additionally include determining whether the video quality requested by client 125 is greater than the maximum allowed video quality (block 650). In some instances, the video quality requested by client 125 may be at or below the maximum allowed video quality (as determined in block 640). In this case, proxy component 510 may simply pass the request to server 130 (block 650 - NO).

    [0039] In other instances, however, the video quality requested by client 125 may be greater than the maximum allowed video quality (block 650 - YES). This may correspond to a requested video stream being of a higher bandwidth than that permitted by the policies set for client 125. In this case, proxy component 510 may modify the message that includes the request from client 125 to change the request to correspond to a request for video of the maximum allowed video quality (block 660). The message (i.e., either the modified message or the unmodified message) may then be transmitted to server 130 (block 670). Server 130 may subsequently receive the request for the potentially lower requested video quality and may transmit the requested video, to client 125, at the lower requested video quality.

    [0040] Fig. 7 is a timing diagram illustrating example messages exchanged between a client 125, a network device 127, and a server 130 when transcoding video negotiations by network device 127. In the example of Fig. 7, assume that the client requests a high-definition video stream but the policies set for the client indicate that only a low-definition request is permissible.

    [0041] A communication session may be initially established, labeled as initial connection 700, between a client 125 and server 130. Client 125 may send an initial request message 705 for video to server 130. The request may pass through network device 127 and be received by server 130. Server 130 may respond, with response message 710, which may pass through network device 127 to client 125.

    [0042] A codec negotiation phase may then be performed, labeled as codec negotiation 720. Codec negotiation 720 may include client 125 issuing a request, such as a high-definition request message 725. High-definition request message 725 may be a message indicating that client 125 requests high-definition video. Network device 127 may intercept this request and modify the request. The modified request, low-definition request message 730, may then be forwarded to server 130. Server 130 may respond to indicate that it will transmit using a codec corresponding to low definition video, illustrated as low-definition codec message 730. Network device 127 may forward low-definition codec message 730 to client 125.

    [0043] Server 130 may subsequently transfer the requested low-definition video data, video data 740, to client 125. Video data 740 may pass through network device 127 on its way to client 125.

    [0044] Although transcoding was primarily described as being applied to video streams, in alternative implementations, the concepts described herein may be applied to other types of data formats, such as audio streams.

    CONCLUSION



    [0045] As described above, a network device may control the quality of video delivered to clients. The quality of video delivered to a particular client may be based on network policies. Advantageously, an entity can control bandwidth consumed by a group of clients.

    [0046] The foregoing description of implementations provides illustration and description, but is not intended to be exhaustive or to limit the invention to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of the invention.

    [0047] For example, while a series of acts has been described with regard to Fig. 6, the order of the acts may be varied in other implementations consistent with the invention. Moreover, non-dependent acts may be implemented in parallel.

    [0048] It will also be apparent that aspects described herein may be implemented in many different forms of software, firmware, and hardware in the implementations illustrated in the figures. The actual software code or specialized control hardware used to implement aspects described herein is not intended to limit the scope of the invention. Thus, the operation and behavior of the aspects were described without reference to the specific software code - it being understood that software and control hardware can be designed to implement the aspects based on the description herein.

    [0049] Further, certain aspects described herein may be implemented as "logic" or as a "component" that performs one or more functions. This logic or component may include hardware, such as an application specific integrated circuit or a field programmable gate array, or a combination of hardware and software.

    [0050] Even though particular combinations of features are recited in the claims and/or disclosed in the specification, these combinations are not intended to limit the disclosure of the invention. In fact, many of these features may be combined in ways not specifically recited in the claims and/or disclosed in the specification.

    [0051] No element, act, or instruction used in the description of the invention should be construed as critical or essential to the invention unless explicitly described as such. Also, as used herein, the article "a" is intended to include one or more items. Where only one item is intended, the term "one" or similar language is used. Further, the phrase "based on" is intended to mean "based, at least in part, on" unless explicitly stated otherwise.


    Claims

    1. A method, implemented by a network device (127, 200), comprising:

    monitoring, by the network device, communications between a plurality of client devices (125) and an external network (110);

    detecting, by the network device and based on the monitoring, a negotiation (410, 420, 430) for a video stream occurring between a first client device, of the plurality of client devices and a server device in the external network, the negotiation including at least a first message (420) from the first client device indicating a requested video quality by the first client device;

    determining, by the network device, a maximum allowed video quality for the first client device;

    determining, by the network device, whether the video quality requested by the first client device is greater than the maximum allowed video quality;

    when the video quality requested by the first client device is not greater than the maximum allowed video quality, transmitting, by the network device, the first message to the server device, and

    when the video quality requested by the first client device is greater than the maximum allowed video quality, modifying, by the network device, the first message to change the requested video quality to be equal to the maximum allowed video quality and transmitting, by the network device, the modified first message to the server device in place of the first message from the client device.


     
    2. The method of claim 1, where determining the maximum allowed video quality includes:

    determining the maximum allowed video quality based on policies set for a local network that includes the plurality of client devices.


     
    3. The method of claim 1 or claim 2, where the external network includes a wide area network, "WAN", or the Internet.
     
    4. The method of any one of the preceding claims, where the network device includes a gateway device, a firewall device, or a router device.
     
    5. The method of any one of the preceding claims, where the first message from the first client device indicating a requested video quality includes an indication of the video quality as a level of compression of a video stream or a resolution of the video stream.
     
    6. The method of any one of the preceding claims, where monitoring communications between the plurality of client devices and the external network includes:

    monitoring messages, of one or more of a plurality of protocols, transmitted between the plurality of client devices and the external network.


     
    7. The method of claim 6, where the one or more of the plurality of protocols include session initiation protocol SIP or H.323.
     
    8. The method of any one of the preceding claims, where detecting a negotiation for a video stream includes intercepting portions of the negotiation relating to codec negotiations for the video stream.
     
    9. A network device (127; 200) comprising:

    input/output ports (250, 255) to connect a plurality of client devices (125) within a local area network (120) to server devices (130) in an external network; and

    a proxy component (510), the proxy component being configured

    to monitor communications between the plurality of client devices and the server devices;

    to receive information relating to a maximum allowed video quality corresponding to users of the plurality of client devices,

    to intercept messages (420, 430) from the plurality of client devices relating to codec negotiations for video streams requested by the client devices, and either

    when a video quality requested in a first intercepted message (420) is not above the maximum allowed video quality of the user corresponding to the first intercepted message to transmit the first intercepted message, or

    when a video quality requested in the first intercepted message is above the maximum allowed video quality of the user corresponding to the first intercepted message to modify the first intercepted message and to transmit the modified first intercepted message in place of the first message.


     
    10. The network device of claim 9, further comprising:

    a policy engine (520) to store network policy information corresponding to the users of the plurality of client devices, where the proxy component receives the information relating to the maximum allowed video quality from the policy engine.


     
    11. The network device of claim 9, where the proxy component is configured, when receiving the information relating to a maximum allowed video quality, to receive the information from a policy engine operating within the local area network.
     
    12. The network device of claim 9 or claim 10, where the network device includes a gateway device, a firewall device, or a router device.
     
    13. The network device of any one of claims 9 to 12, where the first message includes an indication of the video quality as a level of compression of a video stream or a resolution of the video stream.
     
    14. The network device of any one of claims 9 to 13, where the proxy component is configured, when monitoring communications between the plurality of client devices and the server devices, to monitor messages transmitted, using one or more of a plurality of protocols, between the plurality of client devices and the server device.
     
    15. The network device of claim 14, where the one or more of the plurality of protocols include session initiation protocol SIP or H.323.
     


    Ansprüche

    1. Verfahren, das durch eine Netzvorrichtung (127, 200) implementiert ist, umfassend:

    Überwachen, durch die Netzvorrichtung, von Übertragungen zwischen mehreren Clientvorrichtungen (125) und einem externen Netz (110);

    Erkennen, durch die Netzvorrichtung und basierend auf der Überwachung, einer Aushandlung (410, 420, 430) für einen Video-Datenstrom zwischen einer ersten Clientvorrichtung der mehreren Clientvorrichtungen und einer Servervorrichtung im externen Netz, wobei die Aushandlung wenigstens eine erste Nachricht (420) von der ersten Clientvorrichtung umfasst, die eine von der ersten Clientvorrichtung angeforderte Video-Qualität angibt;

    Bestimmen, durch die Netzvorrichtung, einer maximal zulässigen Video-Qualität für die erste Clientvorrichtung;

    Bestimmen, durch die Netzvorrichtung, ob die von der ersten Clientvorrichtung angeforderte Video-Qualität höher ist als die maximal zulässige Video-Qualität;

    wenn die von der ersten Clientvorrichtung angeforderte Video-Qualität nicht höher ist als die maximal zulässige Video-Qualität, Übertragen, durch die Netzvorrichtung, der ersten Nachricht an die Servervorrichtung, und

    wenn die von der ersten Clientvorrichtung angeforderte Video-Qualität höher ist als die maximal zulässige Video-Qualität, Modifizieren, durch die Netzvorrichtung, der ersten Nachricht derart, dass die angeforderte Video-Qualität so geändert wird, dass sie gleich der maximal zulässigen Video-Qualität ist, und Senden, durch die Netzvorrichtung, der modifizierten ersten Nachricht an die Servervorrichtung anstelle der ersten Nachricht von der Clientvorrichtung.


     
    2. Verfahren nach Anspruch 1, wobei das Bestimmen der maximal zulässigen Video-Qualität beinhaltet:

    Bestimmen der maximal zulässigen Video-Qualität basierend auf Richtlinien, die für ein Ortsnetz definiert wurden, welches die mehreren Clientvorrichtungen aufweist.


     
    3. Verfahren nach Anspruch 1 oder Anspruch 2, wobei das externe Netz ein Weitverkehrsnetz (Wide Area Network, "WAN") oder das Internet einschließt.
     
    4. Verfahren nach einem der vorstehenden Ansprüche, wobei die Netzvorrichtung eine Gatewayvorrichtung, eine Firewallvorrichtung oder eine Routervorrichtung einschließt.
     
    5. Verfahren nach einem der vorstehenden Ansprüche, wobei die erste Nachricht von der ersten Clientvorrichtung, die eine angeforderte Video-Qualität angibt, eine Angabe der Video-Qualität als einen Komprimierungsgrad eines Video-Datenstroms oder eine Auflösung des Video-Datenstroms beinhaltet.
     
    6. Verfahren nach einem der vorstehenden Ansprüche, wobei das Überwachen von Übertragungen zwischen den mehreren Clientvorrichtungen und dem externen Netz beinhaltet:

    Überwachen von Nachrichten eines oder mehrerer von mehreren Protokollen, die zwischen den mehreren Clientvorrichtungen und dem externen Netz übertragen werden.


     
    7. Verfahren nach Anspruch 6, wobei das eine oder die mehreren der mehreren Protokolle das Sitzungsinitiierungsprotokoll (Session Initiation Protocol, SIP) oder H.323 einschließen.
     
    8. Verfahren nach einem der vorstehenden Ansprüche, wobei das Erkennen einer Aushandlung für einen Video-Datenstrom beinhaltet, Teile der Aushandlung bezüglich Codec-Aushandlungen für den Video-Datenstrom abzugreifen.
     
    9. Netzvorrichtung (127; 200), umfassend:

    Eingangs-/Ausgangsports (250, 255) zum Verbinden von mehreren Clientvorrichtungen (125) in einem Ortsnetz (120) mit Servervorrichtungen (130) in einem externen Netz; und

    eine Proxykomponente (510), wobei die Proxykomponente dafür ausgelegt ist,

    Übertragungen zwischen den mehreren Clientvorrichtungen und den Servervorrichtungen zu überwachen;

    eine Information bezüglich einer maximal zulässigen Video-Qualität zu empfangen, die Benutzern der mehreren Clientvorrichtungen entsprechen,

    Nachrichten (420, 430) von den mehreren Clientvorrichtungen abzugreifen, die Codec-Aushandlungen für von den Clientvorrichtungen angeforderte Video-Datenströme betreffen, und entweder wenn eine in einer ersten abgegriffenen Nachricht (420) angeforderte Video-Qualität nicht höher ist als die maximal zulässige Video-Qualität für den Benutzer, der der ersten abgegriffenen Nachricht entspricht, die erste abgegriffene Nachricht zu übertragen, oder

    wenn eine in der ersten abgegriffenen Nachricht angeforderte Video-Qualität höher ist als die maximal zulässige Video-Qualität für den Benutzer, der der ersten abgegriffenen Nachricht entspricht, die erste abgegriffene Nachricht zu modifizieren und die modifizierte erste abgegriffene Nachricht anstelle der ersten Nachricht zu übertragen.


     
    10. Netzvorrichtung nach Anspruch 9, ferner umfassend:

    eine Richtlinienmaschine (520) zum Speichern der Netzrichtlinieninformationen, die den Benutzern der mehreren Clientvorrichtungen entsprechen, wobei die Proxykomponente die Information bezüglich der maximal zulässigen Video-Qualität von der Richtlinienmaschine empfängt.


     
    11. Netzvorrichtung nach Anspruch 9, wobei die Proxykomponente dafür ausgelegt ist, wenn sie die Information bezüglich der maximal zulässigen Video-Qualität empfängt, die Information von einer Richtlinienmaschine zu empfangen, die innerhalb des Ortsnetzes arbeitet.
     
    12. Netzvorrichtung nach Anspruch 9 oder Anspruch 10, wobei die Netzvorrichtung eine Gatewayvorrichtung, eine Firewallvorrichtung oder eine Routervorrichtung einschließt.
     
    13. Netzvorrichtung nach einem der Ansprüche 9 bis 12, wobei die erste Nachricht eine Angabe der Video-Qualität als einen Komprimierungsgrad eines Video-Datenstroms oder eine Auflösung des Video-Datenstroms beinhaltet.
     
    14. Netzvorrichtung nach einem der Ansprüche 9 bis 13, wobei die Proxykomponente dafür ausgelegt ist, bei der Überwachung der Übertragungen zwischen den mehreren Clientvorrichtungen und den Servervorrichtungen Nachrichten zu überwachen, die unter Verwendung eines oder mehrerer von mehreren Protokollen zwischen den mehreren Clientvorrichtungen und der Servervorrichtung übertragen werden.
     
    15. Netzvorrichtung nach Anspruch 14, wobei das eine oder die mehreren der mehreren Protokolle das Sitzungsinitiierungsprotokoll (Session Initiation Protocol, SIP) oder H.323 einschließen.
     


    Revendications

    1. Procédé, mis en oeuvre par un dispositif de réseau (127, 200), comprenant de :

    surveiller, par le dispositif de réseau, des communications entre une pluralité de dispositifs clients (125) et un réseau externe (110) ;

    détecter, par le dispositif de réseau et sur la base de la surveillance, une négociation (410, 420, 430) pour un flux vidéo se produisant entre un premier dispositif client de la pluralité de dispositifs clients et un dispositif serveur dans le réseau externe, la négociation comprenant au moins un premier message (420) provenant du premier dispositif client indiquant une qualité vidéo demandée par le premier dispositif client ;

    déterminer, par le dispositif de réseau, une qualité vidéo maximale autorisée pour le premier dispositif client ;

    déterminer, par le dispositif de réseau, si la qualité vidéo demandée par le premier dispositif client est supérieure à la qualité vidéo maximale autorisée ;

    si la qualité vidéo demandée par le premier dispositif client n'est pas supérieure à la qualité vidéo maximale autorisée, transmettre, par le dispositif de réseau, le premier message au dispositif serveur, et

    si la qualité vidéo demandée par le premier dispositif client est supérieure à la qualité vidéo maximale autorisée, modifier, par le dispositif de réseau, le premier message pour modifier la qualité vidéo demandée afin qu'elle soit égale à la qualité vidéo maximale autorisée, et transmettre, par le dispositif de réseau, le premier message modifié au dispositif serveur à la place du premier message à partir du dispositif client.


     
    2. Procédé selon la revendication 1, dans lequel la détermination de la qualité vidéo maximale autorisée comprend de :

    déterminer la qualité vidéo maximale autorisée sur la base de politiques définies pour un réseau local qui inclut la pluralité de dispositifs clients.


     
    3. Procédé selon la revendication 1 ou la revendication 2, dans lequel le réseau externe comprend un réseau étendu, "WAN" ou l'Internet.
     
    4. Procédé selon l'une quelconque des revendications précédentes, dans lequel le dispositif de réseau comprend un dispositif passerelle, un dispositif pare-feu ou un dispositif routeur.
     
    5. Procédé selon l'une quelconque des revendications précédentes, dans lequel le premier message provenant du premier dispositif client indiquant une qualité vidéo demandée comprend une indication de la qualité vidéo en tant que niveau de compression d'un flux vidéo ou résolution du flux vidéo.
     
    6. Procédé selon l'une quelconque des revendications précédentes, dans lequel la surveillance des communications entre la pluralité de dispositifs clients et le réseau externe comprend de :

    surveiller des messages, d'un ou plusieurs protocoles d'une pluralité de protocoles, transmis entre la pluralité de dispositifs clients et le réseau externe.


     
    7. Procédé selon la revendication 6, dans lequel lesdits un ou plusieurs protocoles de la pluralité de protocoles incluent le protocole d'initiation de session SIP ou H.323.
     
    8. Procédé selon l'une quelconque des revendications précédentes, dans lequel la détection d'une négociation pour un flux vidéo comprend d'intercepter des parties de la négociation ayant trait à des négociations de codecs pour le flux vidéo.
     
    9. Dispositif de réseau (127 ; 200) comprenant :

    des ports d'entrée/sortie (250, 255) pour connecter une pluralité de dispositifs clients (125) dans un réseau local (120) à des dispositifs serveur (130) dans un réseau externe ; et

    un composant mandataire (510), le composant mandataire étant configuré

    pour surveiller les communications entre la pluralité de dispositifs clients et les dispositifs serveur ;

    pour recevoir des informations relatives à une qualité vidéo maximale autorisée correspondant à des utilisateurs de la pluralité de dispositifs clients,

    pour intercepter des messages (420, 430) parmi la pluralité de dispositifs clients ayant trait à des négociations de codecs pour des flux vidéo demandés par les dispositifs clients, et

    si une qualité vidéo demandée dans un premier message intercepté (420) n'est pas supérieure à la qualité vidéo maximale autorisée de l'utilisateur correspondant au premier message intercepté, pour transmettre le premier message intercepté, ou

    si une qualité vidéo demandée dans le premier message intercepté est supérieure à la qualité vidéo maximale autorisée de l'utilisateur correspondant au premier message intercepté, pour modifier le premier message intercepté et pour transmettre le premier message intercepté modifié à la place du premier message.


     
    10. Dispositif de réseau selon la revendication 9, comprenant en outre :

    un moteur de politique (520) pour stocker des informations de politique de réseau correspondant aux utilisateurs de la pluralité de dispositifs clients, où le composant mandataire reçoit les informations relatives à la qualité vidéo maximale autorisée à partir du moteur de politique.


     
    11. Dispositif de réseau selon la revendication 9, dans lequel le composant mandataire est configuré, lors de la réception des informations relatives à une qualité vidéo maximale autorisée, pour recevoir les informations à partir d'un moteur de politique fonctionnant dans le réseau local.
     
    12. Dispositif de réseau selon la revendication 9 ou 10, dans lequel le dispositif de réseau inclut un dispositif passerelle, un dispositif pare-feu ou un dispositif routeur.
     
    13. Dispositif de réseau selon l'une quelconque des revendications 9 à 12, dans lequel le premier message comprend une indication de la qualité vidéo en tant que niveau de compression d'un flux vidéo ou résolution du flux vidéo.
     
    14. Dispositif de réseau selon l'une quelconque des revendications 9 à 13, dans lequel le composant mandataire est configuré, lors de la surveillance des communications entre la pluralité de dispositifs clients et les dispositifs serveur, pour surveiller les messages transmis, en utilisant un ou plusieurs protocoles d'une pluralité de protocoles, entre la pluralité de dispositifs clients et le dispositif serveur.
     
    15. Dispositif de réseau selon la revendication 14, dans lequel lesdits un ou plusieurs protocoles de la pluralité de protocoles incluent le protocole d'initiation de session SIP ou H.323.
     




    Drawing


























    Cited references

    REFERENCES CITED IN THE DESCRIPTION



    This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

    Patent documents cited in the description