Techniques for customer self-provisioning of edge nodes for a virtual private network

US 20060187855A1
Filed: 06/02/2005
Published: 08/24/2006
Est. Priority Date: 02/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising the steps of:

receiving customer input data that indicates, for a particular virtual private network over a provider network of a service provider, a topology for a plurality of customer equipment devices outside the provider network to be joined on the particular virtual private network;

based on the customer input data, determining configuration data for configuring a particular interface of a particular edge node among a plurality of interfaces that connect the plurality of customer equipment devices to a plurality of edge nodes at an edge of the provider network for the particular virtual private network; and

causing the particular edge node to configure the particular interface based on the configuration data without human intervention, wherein;

the provider network is a packet-switched network; and

the particular virtual private network is a link layer virtual private network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for configuring a particular network interface on a particular node at an edge of a provider network to support a particular virtual private network include receiving customer input data. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The customer input data indicates a topology for customer equipment devices outside the provider network on the particular virtual private network, and may include properties for corresponding interfaces that connect the customer equipment devices to the edge nodes. Based on the customer input data, configuration data is determined for configuring the particular interface at the particular node. The particular node is caused to configure the particular interface based on the configuration data without human intervention. Among other effects, these techniques support zero-touch provisioning of virtual private networks.

Citations

58 Claims

1. A method for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising the steps of:
- receiving customer input data that indicates, for a particular virtual private network over a provider network of a service provider, a topology for a plurality of customer equipment devices outside the provider network to be joined on the particular virtual private network;
  
  based on the customer input data, determining configuration data for configuring a particular interface of a particular edge node among a plurality of interfaces that connect the plurality of customer equipment devices to a plurality of edge nodes at an edge of the provider network for the particular virtual private network; and
  
  causing the particular edge node to configure the particular interface based on the configuration data without human intervention, wherein;
  
  the provider network is a packet-switched network; and
  
  the particular virtual private network is a link layer virtual private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. A method as recited in claim 1, said step of receiving customer input data further comprising receiving a plurality of properties for the plurality of interfaces that connect the plurality of customer equipment devices to the plurality of edge nodes.
  - 3. A method as recited in claim 1, said step of receiving customer input data further comprising receiving the customer input data at a World Wide Web server accessed through a public Internet.
  - 4. A method as recited in claim 1, said step of receiving customer input data further comprising causing the particular node to configure the particular interface to switch a data packet of a particular protocol received on the particular interface to a subscription server that uses the particular protocol for prompting the customer for the customer input data.
  - 5. A method as recited in claim 4, said step of causing the particular node to configure the particular interface to switch a data packet of a particular protocol received on the particular interface to a subscription server further comprising causing the particular node to configure the particular interface to switch all HTTP data packets to the subscription server, whereby the particular interface is called a captive portal to the subscription server.
  - 6. A method as recited in claim 1, said step of receiving customer input data that indicates the topology further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a type of VPN service; and
      
      receiving input data that indicates the type of VPN in response to sending the message.
  - 7. A method as recited in claim 2, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a unique identifier for the particular interface; and
      
      receiving input data that indicates the unique identifier for the particular interface in response to sending the message.
  - 8. A method as recited in claim 1, said step of receiving customer input data that indicates the topology further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a unique identifier for each customer equipment device of the plurality of customer equipment devices; and
      
      receiving input data that indicates the unique identifier for each customer equipment device in response to sending the message.
  - 9. A method as recited in claim 1, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a level of service for a tunnel between two customer equipment devices of the plurality of customer equipment devices; and
      
      receiving input data that indicates the level of service for a tunnel between two customer equipment devices in response to sending the message.
  - 10. A method as recited in claim 1, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter data that indicates a network protocol for the particular interface; and
      
      receiving input data that indicates the network protocol for the particular interface in response to sending the message.
  - 11. A method as recited in claim 10, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter data that indicates a value for a parameter for the network protocol for the particular interface; and
      
      receiving input data that indicates the value for the parameter for the network protocol for the particular interface in response to sending the message.
  - 12. A method as recited in claim 1, wherein the particular interface is a virtual circuit of a plurality of virtual circuits on the same physical circuit.
  - 13. A method as recited in claim 1, wherein the particular interface is a physical circuit.
  - 14. A method as recited in claim 1, said step of determining configuration data further comprising determining a mapping between a customer identification for the particular interface and a particular virtual private network.
  - 15. A method as recited in claim 1, said step of determining configuration data further comprising determining values for service parameters that are specific to the particular interface.
  - 16. A method as recited in claim 1, said step of determining configuration data further comprising determining values for the type of virtual private network among a plurality of types that include at least two of a virtual private wire service (VPWS), a virtual private local area network service (VPLS) and an inter-local access and transport area private line service (IPLS).
  - 17. A method as recited in claim 1, said step of determining configuration data further comprising determining a mapping between the particular virtual private network and a different node on the edge of the provider network to which the particular node should establish a tunnel for the particular private network.
  - 18. A method as recited in claim 1, said step of determining configuration data further comprising determining a property for a tunnel for the particular private network from the particular node to a different node on an edge of the provider network from a plurality of properties that include at least one of a name for the tunnel and a service level for traffic through the tunnel.
  - 19. A method as recited in claim 1, said step of causing the particular node to configure the particular interface further comprising the steps of:
    - storing the configuration data;
      
      determining whether conditions are satisfied for sending the configuration data to the particular node; and
      
      if it is determined that conditions are satisfied for sending the configuration data, then sending the configuration data to the particular node to cause the particular node to configure the particular interface without human intervention for the particular virtual private network based on the configuration data.
  - 20. A method as recited in claim 1, said step of causing the particular node to configure the particular interface further comprising the step of sending the configuration data to a provisioning server on a host computer on the provider network, which host computer is different from the particular node, wherein the provisioning server performs the steps of:
    - storing the configuration data;
      
      determining whether conditions are satisfied for sending the configuration data to the particular node; and
      
      if it is determined that conditions are satisfied for sending the configuration data, then sending the configuration data to the particular node to cause the particular node to configure the particular interface without human intervention for the particular virtual private network based on the configuration data.
  - 21. A method as recited in claim 20, wherein the provisioning server is a Remote Access Dial-In Service (RADIUS) Server.
  - 22. A method as recited in claim 21, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a RADIUS user authentication request message is received from the particular node, which request includes a RADIUS user name attribute with data that indicates the particular interface.

23. A method for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising the steps of:
- receiving data that indicates a subscription server on a provider network of a service provider, configuring a first attachment circuit on a particular edge node of a plurality of attachment circuits for connection to customer equipment outside the provider network on a plurality of edge nodes at an edge of the provider network to exchange data packets for a particular protocol with the subscription server;
  
  receiving on the first attachment circuit a data packet that uses the particular protocol and includes at least a portion of customer input data that indicates, for a particular virtual private network over the provider network, a topology for a plurality of customer equipment devices outside the provider network to be joined on a particular virtual private network;
  
  forwarding the data packet to the subscription server;
  
  receiving configuration data based on the customer input data; and
  
  configuring a second attachment circuit on the particular edge node to join the particular virtual private network without human intervention based on the configuration data, wherein;
  
  the provider network is a packet-switched network; and
  
  the particular virtual private network is a link layer virtual private network.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. A method as recited in claim 23, wherein the second attachment circuit is the same as the first attachment circuit.
  - 25. A method as recited in claim 23, wherein the second attachment circuit is a physical circuit.
  - 26. A method as recited in claim 23, wherein the second attachment circuit is a virtual circuit of a plurality of virtual circuits on the same physical circuit.
  - 27. A method as recited in claim 23, said step of receiving the configuration data further comprising receiving the configuration data from a provisioning server different from the subscription server.
  - 28. A method as recited in claim 23, wherein the particular protocol is a HyperText Transfer Protocol (HTTP).

29. An apparatus for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising:
- means for receiving customer input data that indicates, for a particular virtual private network over a provider network of a service provider, a topology for a plurality of customer equipment devices outside the provider network to be joined on the particular virtual private network;
  
  means for determining, based on the customer input data, configuration data for configuring a particular interface of a particular edge node among a plurality of interfaces that connect the plurality of customer equipment devices to a plurality of edge nodes at an edge of the provider network for the particular virtual private network; and
  
  means for causing the particular edge node to configure the particular interface based on the configuration data without human intervention, wherein;
  
  the provider network is a packet-switched network; and
  
  the particular virtual private network is a link layer virtual private network.

30. An apparatus for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising:
- means for receiving data that indicates a subscription server on a provider network of a service provider, means for configuring a first attachment circuit on a particular edge node of a plurality of attachment circuits for connection to customer equipment outside the provider network on a plurality of edge nodes at an edge of the provider network to exchange data packets for a particular protocol with the subscription server;
  
  means for receiving on the first attachment circuit a data packet that uses the particular protocol and includes at least a portion of customer input data that indicates, for a particular virtual private network over the provider network, a topology for a plurality of customer equipment devices outside the provider network to be joined on a particular virtual private network;
  
  means for forwarding the data packet to the subscription server;
  
  means for receiving configuration data based on the customer input data; and
  
  means for configuring a second attachment circuit on the particular edge node to join the particular virtual private network without human intervention based on the configuration data, wherein;
  
  the provider network is a packet-switched network; and
  
  the particular virtual private network is a link layer virtual private network.

31. An apparatus for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising:
- a network interface that is coupled to a provider network for communicating therewith a data packet;
  
  one or more processors;
  
  a computer-readable medium; and
  
  one or more sequences of instructions stored in the computer-readable medium, which, when executed by the one or more processors, causes the one or more processors to carry out the step of;
  
  receiving customer input data that indicates, for a particular virtual private network over a provider network of a service provider, a topology for a plurality of customer equipment devices outside the provider network to be joined on the particular virtual private network;
  
  based on the customer input data, determining configuration data for configuring a particular interface of a particular edge node among a plurality of interfaces that connect the plurality of customer equipment devices to a plurality of edge nodes at an edge of the provider network for the particular virtual private network; and
  
  causing the particular edge node to configure the particular interface based on the configuration data without human intervention, wherein;
  
  the provider network is a packet-switched network; and
  
  the particular virtual private network is a link layer virtual private network.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 32. An apparatus as recited in claim 31, said step of receiving customer input data further comprising receiving a plurality of properties for the plurality of interfaces that connect the plurality of customer equipment devices to the plurality of edge nodes.
  - 33. An apparatus as recited in claim 31, said step of receiving customer input data further comprising receiving the customer input data at a World Wide Web server accessed through a public Internet.
  - 34. An apparatus as recited in claim 31, said step of receiving customer input data further comprising causing the particular node to configure the particular interface to switch a data packet of a particular protocol received on the particular interface to a subscription server that uses the particular protocol for prompting the customer for the customer input data.
  - 35. An apparatus as recited in claim 34, said step of causing the particular node to configure the particular interface to switch a data packet of a particular protocol received on the particular interface to a subscription server further comprising causing the particular node to configure the particular interface to switch all HTTP data packets to the subscription server, whereby the particular interface is called a captive portal to the subscription server.
  - 36. An apparatus as recited in claim 31, said step of receiving customer input data that indicates the topology further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a type of VPN service; and
      
      receiving input data that indicates the type of VPN in response to sending the message.
  - 37. An apparatus as recited in claim 32, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a unique identifier for the particular interface; and
      
      receiving input data that indicates the unique identifier for the particular interface in response to sending the message.
  - 38. An apparatus as recited in claim 31, said step of receiving customer input data that indicates the topology further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a unique identifier for each customer equipment device of the plurality of customer equipment devices; and
      
      receiving input data that indicates the unique identifier for each customer equipment device in response to sending the message.
  - 39. An apparatus as recited in claim 31, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter a level of service for a tunnel between two customer equipment devices of the plurality of customer equipment devices; and
      
      receiving input data that indicates the level of service for a tunnel between two customer equipment devices in response to sending the message.
  - 40. An apparatus as recited in claim 31, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter data that indicates a network protocol for the particular interface; and
      
      receiving input data that indicates the network protocol for the particular interface in response to sending the message.
  - 41. An apparatus as recited in claim 40, said step of receiving customer input data that indicates the plurality of properties further comprising:
    - sending a prompt message to a customer device that prompts the customer to enter data that indicates a value for a parameter for the network protocol for the particular interface; and
      
      receiving input data that indicates the value for the parameter for the network protocol for the particular interface in response to sending the message.
  - 42. An apparatus as recited in claim 31, wherein the particular interface is a virtual circuit of a plurality of virtual circuits on the same physical circuit.
  - 43. An apparatus as recited in claim 31, wherein the particular interface is a physical circuit.
  - 44. An apparatus as recited in claim 31, said step of determining configuration data further comprising determining a mapping between a customer identification for the particular interface and a particular virtual private network.
  - 45. An apparatus as recited in claim 31, said step of determining configuration data further comprising determining values for service parameters that are specific to the particular interface.
  - 46. An apparatus as recited in claim 31, said step of determining configuration data further comprising determining values for the type of virtual private network among a plurality of types that include at least two of a virtual private wire service (VPWS), a virtual private local area network service (VPLS) and an inter-local access and transport area private line service (IPLS).
  - 47. An apparatus as recited in claim 31, said step of determining configuration data further comprising determining a mapping between the particular virtual private network and a different node on the edge of the provider network to which the particular node should establish a tunnel for the particular private network.
  - 48. An apparatus as recited in claim 31, said step of determining configuration data further comprising determining a property for a tunnel for the particular private network from the particular node to a different node on an edge of the provider network from a plurality of properties that include at least one of a name for the tunnel and a service level for traffic through the tunnel.
  - 49. An apparatus as recited in claim 31, said step of causing the particular node to configure the particular interface further comprising the steps of:
    - storing the configuration data;
      
      determining whether conditions are satisfied for sending the configuration data to the particular node; and
      
      if it is determined that conditions are satisfied for sending the configuration data, then sending the configuration data to the particular node to cause the particular node to configure the particular interface without human intervention for the particular virtual private network based on the configuration data.
  - 50. An apparatus as recited in claim 31, said step of causing the particular node to configure the particular interface further comprising the step of sending the configuration data to a provisioning server on a host computer on the provider network, which host computer is different from the particular node, wherein the provisioning server performs the steps of:
    - storing the configuration data;
      
      determining whether conditions are satisfied for sending the configuration data to the particular node; and
      
      if it is determined that conditions are satisfied for sending the configuration data, then sending the configuration data to the particular node to cause the particular node to configure the particular interface without human intervention for the particular virtual private network based on the configuration data.
  - 51. An apparatus as recited in claim 50, wherein the provisioning server is a Remote Access Dial-In Service (RADIUS) Server.
  - 52. An apparatus as recited in claim 51, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a RADIUS user authentication request message is received from the particular node, which request includes a RADIUS user name attribute with data that indicates the particular interface.

53. An apparatus for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising:
- a provider network interface that is coupled to a provider network for communicating therewith a data packet;
  
  a customer network interface for coupling to customer premises equipment outside the provider network for communicating therewith a data packet;
  
  one or more processors;
  
  a computer-readable medium; and
  
  one or more sequences of instructions stored in the computer-readable medium, which, when executed by the one or more processors, causes the one or more processors to carry out the step of;
  
  receiving data that indicates a subscription server on a provider network of a service provider, configuring a first attachment circuit on the customer network interface to exchange data packets for a particular protocol with the subscription server;
  
  receiving on the first attachment circuit a data packet that uses the particular protocol and includes at least a portion of customer input data that indicates, for a particular virtual private network over the provider network, a topology for a plurality of customer equipment devices outside the provider network to be joined on a particular virtual private network;
  
  forwarding the data packet to the subscription server;
  
  receiving configuration data based on the customer input data; and
  
  configuring a second attachment circuit for coupling to customer premises equipment to join the particular virtual private network without human intervention based on the configuration data, wherein;
  
  the provider network is a packet-switched network; and
  
  the particular virtual private network is a link layer virtual private network.
- View Dependent Claims (54, 55, 56, 57, 58)
- - 54. An apparatus as recited in claim 53, wherein the second attachment circuit is the same as the first attachment circuit.
  - 55. An apparatus as recited in claim 53, wherein the second attachment circuit is a physical circuit.
  - 56. An apparatus as recited in claim 53, wherein the second attachment circuit is a virtual circuit of a plurality of virtual circuits on the same physical circuit.
  - 57. An apparatus as recited in claim 53, said step of receiving the configuration data further comprising receiving the configuration data from a provisioning server different from the subscription server.
  - 58. A method as recited in claim 53, wherein the particular protocol is a HyperText Transfer Protocol (HTTP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Luo, Wei, Townsley, William Mark, Booth, Earl Hardin III, Weber, Greg

Granted Patent

US 7,778,199 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/254
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/0253   using browsers or web-pages...

H04L 41/0806   for initial configuration o...

H04L 41/0866   Checking the configuration

H04L 41/0886   Fully automatic configuration

H04L 41/122   of virtualised topologies, ...

Techniques for customer self-provisioning of edge nodes for a virtual private network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for customer self-provisioning of edge nodes for a virtual private network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links