Session aggregator brokering of data stream communication

US 10,250,498 B1
Filed: 10/03/2016
Issued: 04/02/2019
Est. Priority Date: 10/03/2016
Status: Active Grant

First Claim

Patent Images

1. A method of providing secure streamed data sessions over the Internet, comprising:

collecting data communication performance metrics on a plurality of routers in the Internet by an orchestrator virtualized network function (VNF), where the orchestrator VNF is provided by execution on a virtual computing platform;

receiving a request for a secure streamed data session by the orchestrator VNF from a customer premises equipment (CPE) node, where the request identifies a service level agreement (SLA) to be supported by the secure streamed data session;

analyzing the metrics on the plurality of routers by the orchestrator VNF based on the SLA identification in the request;

determining a secure routing path for the requested secure streamed data session by the orchestrator VNF based on the analyzing;

creating a routing instruction set that defines the secure routing path by the orchestrator VNF;

transmitting the routing instruction set to a session aggregator node by the orchestrator VNF;

establishing trusted end-to-end communication links between the session aggregator node and each of the CPE node, a first edge router, a second edge router, and at least one of the plurality of routers by the session aggregator node, wherein applications engaged in the trusted end-to-end communication links with the session aggregator node execute in a trusted security zone;

configuring the routing instruction set into each of the first edge router, the second edge router, and the at least one of the plurality of routers by the session aggregator node via the trusted end-to-end communication links; and

providing the secure streamed data session, wherein the secure streamed data session is dynamically defined and initiated based at least in part on configuring the routing instructions set.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for proving secure streamed data sessions is disclosed. The system comprises a first computer system executing an orchestrator virtualized network function (VNF). The orchestrator VNF collects performance metrics on routers, receives a request for a secure streamed data session, analyzes the metrics based on the request, determines a secure routing path, creates a routing instruction set that defines the secure routing path, and transmits the routing instruction set to a session aggregator. The system further comprises a second computer system that executes the session aggregator in a trusted security zone. The session aggregator establishes trusted end-to-end communication links with a first edge router, a second edge router, and at least one of the plurality of routers and configures the routing instruction set into each of the CPE node, the first edge router, the second edge router, and the at least one router via the trusted end-to-end communication link.

315 Citations

20 Claims

1. A method of providing secure streamed data sessions over the Internet, comprising:
- collecting data communication performance metrics on a plurality of routers in the Internet by an orchestrator virtualized network function (VNF), where the orchestrator VNF is provided by execution on a virtual computing platform;
  
  receiving a request for a secure streamed data session by the orchestrator VNF from a customer premises equipment (CPE) node, where the request identifies a service level agreement (SLA) to be supported by the secure streamed data session;
  
  analyzing the metrics on the plurality of routers by the orchestrator VNF based on the SLA identification in the request;
  
  determining a secure routing path for the requested secure streamed data session by the orchestrator VNF based on the analyzing;
  
  creating a routing instruction set that defines the secure routing path by the orchestrator VNF;
  
  transmitting the routing instruction set to a session aggregator node by the orchestrator VNF;
  
  establishing trusted end-to-end communication links between the session aggregator node and each of the CPE node, a first edge router, a second edge router, and at least one of the plurality of routers by the session aggregator node, wherein applications engaged in the trusted end-to-end communication links with the session aggregator node execute in a trusted security zone;
  
  configuring the routing instruction set into each of the first edge router, the second edge router, and the at least one of the plurality of routers by the session aggregator node via the trusted end-to-end communication links; and
  
  providing the secure streamed data session, wherein the secure streamed data session is dynamically defined and initiated based at least in part on configuring the routing instructions set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising the orchestrator VNF creating a second routing instruction set, the orchestrator VNF transmitting the second routing instruction set to the session aggregator node, and the session aggregator node configuring the second routing instruction set into each of the first edge router, the second edge router, and a core network router, whereby a throughput capacity of the secure streamed data session is expanded by configuring the second routing instruction set into each of the first edge router, the second edge router, and the core network router.
  - 3. The method of claim 2, wherein the orchestrator VNF is triggered to create the second routing instruction set by analyzing updated metrics on the plurality of routers and determining that additional throughput capacity is needed to meet the SLA associated with the secure streamed data session.
  - 4. The method of claim 1, further comprising the orchestrator VNF creating a third routing instruction set, the orchestrator VNF transmitting the third routing instruction set to the session aggregator node, and the session aggregator node configuring the third routing instruction set into each of the first edge router, the second edge router, and a core network router, whereby a throughput capacity of the secure streamed data session is reduced by configuring the third routing instruction set into each of the first edge router, the second edge router, and the core network router.
  - 5. The method of claim 4, wherein the orchestrator VNF is triggered to create the third routing instruction set by analyzing updated metrics on the plurality of routers and determining that reduced throughput capacity is sufficient to meet the SLA associated with the secure streamed data session.
  - 6. The method of claim 1, wherein the metrics comprise a jitter metric.
  - 7. The method of claim 1, wherein the metrics comprise a latency metric.
  - 8. The method of claim 7, wherein the latency metric is provided by the CPE.
  - 9. The method of claim 1, wherein determining the secure routing path based on the analyzing the metrics on the plurality of routers comprises using an application layer traffic optimizer (ALTO) algorithm.
  - 10. The method of claim 1, wherein the CPE node couples a business local area network to the secure streamed data session.
  - 11. The method of claim 10, wherein the secure streamed data session couples the CPE node to an enterprise location.
  - 12. The method of claim 10, wherein the secure streamed data session couples the CPE node to a data center.
  - 13. The method of claim 1, wherein collecting the data communication performance metrics comprises collection metrics that are less than a threshold time duration old.
  - 14. The method of claim 13, wherein the collection metrics are less than one day old.
  - 15. The method of claim 13, wherein the collection metrics are less than one hour old.
  - 16. The method of claim 1, wherein the plurality of routers are associated with a first data network service provider, wherein the secure routing path is in a first data network, and wherein the session aggregator node is associated with the first data network, and further comprising:
    - collecting a set of data communication performance metrics by the orchestrator VNF on a second plurality of routers associated with a second data network service provider, where the first data network service provider is different from the second data network service provider;
      
      analyzing the metrics on the second plurality of routers by the orchestrator VNF based on the SLA identification in the request;
      
      determining a second secure routing path in a second data network associated with the second plurality of routers by the orchestrator VNF based on the analyzing the metrics on the second plurality of routers;
      
      creating by the orchestrator VNF a second routing instruction set that defines the second secure routing path;
      
      transmitting the second routing instruction set by the orchestrator VNF to a second session aggregator node associated with the second data network; and
      
      configuring at least some of the second plurality of routers by the second session aggregator node in accordance with the second routing instruction set, wherein the streamed data session crosses two different data networks without the use of a network-to-network interface (NNI) between the two different data networks.

17. A system for providing secure streamed data sessions over the Internet, comprising:
- a first computer system providing a virtual computing platform in which it executes an orchestrator virtualized network function (VNF), wherein the orchestrator VNF;
  
  collects data communication performance metrics on a plurality of routers in the Internet,receives a request for a secure streamed data session from a customer premises equipment (CPE) node, where the request identifies a service level agreement (SLA) to be supported by the secure streamed data session,analyzes the metrics on the plurality of routers based on the SLA identification in the request,determines a secure routing path for the requested secure streamed data session based on the analyzing,creates a routing instruction set that defines the secure routing path, andtransmits the routing instruction set to a session aggregator application; and
  
  a second computer system that executes the session aggregator application in a trusted security zone of the second computer system, wherein the session aggregator;
  
  establishes trusted end-to-end communication links with the CPE node, a first edge router, a second edge router, and at least one of the plurality of routers, wherein applications engaged in the trusted end-to-end communication links with the session aggregator node execute in a trusted security zone;
  
  configures the routing instruction set into each of the first edge router, the second edge router, and the at least one of the plurality of routers via the trusted end-to-end communication links; and
  
  provides the secure streamed data session, wherein the secure streamed data session is dynamically defined and initiated based at least on configuring the routing instruction set.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the orchestrator VNF determines the secure routing path based at least in part on an application layer traffic optimizer (ALTO) algorithm.
  - 19. The system of claim 17, wherein the session aggregator application further configures the first edger router, the second edge router, and the at least one of the plurality of routers to conduct data session streaming with each other via the trusted end-to-end communication links.
  - 20. The system of claim 17, wherein the CPE node provides metrics on latency in data sessions observed by the CPE node to the orchestrator VNF for use in analysis and determining the secure routing path.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Bales, Mark R., Bertz, Lyle T., Paczkowski, Lyle W.
Primary Examiner(s)
Wang, Liang Che A
Assistant Examiner(s)
Huang, Kaylee J

Application Number

US15/284,506
Time in Patent Office

911 Days
Field of Search

709231, 709230, 709238, 709239
US Class Current
CPC Class Codes

H04L 41/40   using virtualisation of net...

H04L 41/5009   Determining service level p...

H04L 41/5019   Ensuring fulfilment of SLA

H04L 43/08   Monitoring or testing based...

H04L 43/0852   Delays

H04L 43/087   Jitter

H04L 43/0888   Throughput

H04L 43/20   the monitoring system or th...

H04L 45/302   Route determination based o...

H04L 45/50   using label swapping, e.g. ...

H04L 45/64   using an overlay routing layer

H04L 45/70   Routing based on monitoring...

H04L 63/0272   Virtual private networks

Session aggregator brokering of data stream communication

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

315 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Session aggregator brokering of data stream communication

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

315 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others