Apparatus and method creating virtual routing domains in an internet protocol network

US 20060227758A1
Filed: 04/09/2005
Published: 10/12/2006
Est. Priority Date: 04/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method for creating virtual routing domains in an internet protocol network comprising:

mapping ingress interface and tunneling protocol identifying information for a network flow to a virtual routing domain identifier, the virtual routing domain identifier associated with a particular customer; and

using application information within the network flow to identify a destination for the network flow, the destination associated with a second virtual routing domain identifier; and

determining how to forward the network flow based on the second virtual routing domain identifier.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is described that allow the creation of virtual routing domains in an IP network. These virtual routing domains allow individual networks to be configures so that it appears that its routing domain covers the entire IP address space. A network processing system is used to implement the virtual routing domains and to allow network traffic to cross the individual routing domains. The network processing system is able to use application layer information to allow the crossing of virtual routing domain boundaries. By examining application layer information the network processing system is able to look up customer/user information and use that information to determine destination virtual routing domains and route otherwise unroutable addresses between domains.

242 Citations

32 Claims

1. A method for creating virtual routing domains in an internet protocol network comprising:
- mapping ingress interface and tunneling protocol identifying information for a network flow to a virtual routing domain identifier, the virtual routing domain identifier associated with a particular customer; and
  
  using application information within the network flow to identify a destination for the network flow, the destination associated with a second virtual routing domain identifier; and
  
  determining how to forward the network flow based on the second virtual routing domain identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the method is performed by a network processing system at the edge of a provider network.
  - 3. The method of claim 2 wherein the network processing system can pass flows between different virtual routing domains.
  - 4. The method of claim 1 wherein determining how to forward is determined by policies assigned to a customer associated with the second virtual routing domain.
  - 5. The method of claim 4 wherein the policies include bandwidth limitations, quality of service settings, and forwarding assignments.
  - 6. The method of claim 2 wherein the network processing system is able to route from a virtual routing domain based on session target sets.
  - 7. The method of claim 2 wherein the network processing system is able to route from a virtual routing domain based on the type of traffic being routed.

8. A network processing system in an internet protocol network passing network traffic made up of individual flows, the network including one or more customer networks employing layer two tunneling protocols, each having layer two tunneling protocol identifying information, the network processing system comprising:
- ingress ports for receiving the network traffic;
  
  at least one processor operable to associate the input port and layer two tunneling protocol information for flows over the network to a virtual routing domain identifier, the at least one processor also operable to associate application information in the flows with a second virtual domain identifier, the second virtual domain identifier determining egress treatment for the flows; and
  
  egress ports for forwarding the network traffic.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The network processing system of claim 8 wherein the network processing system is at the edge of a provider network and is the sole contact point for each virtual routing domain.
  - 10. The network processing system of claim 8 wherein the network processing system is able to route flows across virtual routing domains.
  - 11. The network processing system of claim 8 wherein the egress treatment includes determining forwarding information for the flow.
  - 12. The network processing system of claim 11 wherein the forwarding information is different for each virtual routing domain on the network processing system.
  - 13. The network processing system of claim 8 wherein egress treatment for the flows includes treatment based on policies set for the virtual routing domain.
  - 14. The network processing system of claim 13 wherein the policies include bandwidth limitations, quality of service settings, and forwarding assignments.
  - 15. The network processing system of claim 11 wherein the forwarding information is based on session target sets.
  - 16. The network processing system of claim 11 wherein forwarding information is based on the type of traffic in the flow.

17. A virtual proxy in a network processing system, comprising:
- an identifier unique to the virtual proxy such that network traffic meeting predetermined criteria pass through the virtual proxy;
  
  session routing information for the network passing through the virtual proxy, the session routing information providing specialized routing information for the network traffic; and
  
  bandwidth enforcement protocols operable to insure that the network traffic passing through the virtual proxy does not exceed a predetermined limit.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The virtual proxy of claim 17 wherein the virtual proxy further comprises connection limit protocols operable to limit the number of simultaneous connections to the virtual proxy.
  - 19. The virtual proxy of claim 17 wherein the virtual proxy is operable in a back-to-back user agent mode.
  - 20. The virtual proxy of claim 17 wherein the virtual proxy is operable in a stateful proxy mode.
  - 21. The virtual proxy of claim 17 wherein the virtual proxy is able to perform bandwidth based session access control.

22. A method of protecting a network from denial of service attacks comprising:
- providing two or more virtual proxies on a network processing system on the network, such that each of the two or more virtual proxies services a subset of network addresses and ports serviced by the network processing system; and
  
  provisioning a maximum bandwidth for each of the two or more virtual proxies such that a denial of service attack may not exceed the maximum bandwidth for one virtual proxy of the two or more virtual proxies thereby protecting each of the remaining virtual proxies from the denial of service attack
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22 further comprising provisioning a maximum number of connections for each virtual proxy to limit the number of simultaneous connections to the virtual proxy
  - 24. The method of claim 22 further comprising setting one or more of the virtual proxies to operate in a back-to-back user agent mode.
  - 25. The virtual proxy of claim 22 further comprising setting one or more of the virtual proxies in a stateful proxy mode.
  - 26. The virtual proxy of claim 22 further comprising performing bandwidth based session access control at each of the two or more virtual proxies.

27. A network processing system for use in a network comprising:
- a plurality of network addresses assigned to the network processing system; and
  
  one or more virtual proxies, each virtual proxy configured to service a subset of the plurality of network addresses wherein each of the one or more virtual proxies are operable to define maximum resource limits for network traffic passing through it, and wherein at least one of the one or more virtual proxies includes session routing information providing specialized routing information specific to the network traffic passing through that virtual proxy.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The network processing system of claim 27 wherein resource limit is a maximum bandwidth.
  - 29. The network processing system of claim 27 wherein the resource limit is a maximum number of connections.
  - 30. The network processing system of claim 27 wherein resource limit is a maximum number of concurrent voice over internet protocol calls.
  - 31. The network processing system of claim 27 wherein each of the virtual proxies is operable in a mode selected from the following modes:
    - stateful proxy mode; and
      
      back-to-back user agent mode.
  - 32. The network processing system of claim 27 wherein each of the virtual proxies is associated with a virtual routing domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AudioCodes, Inc. (Audiocodes Limited)
Original Assignee
Netrake Corp. (Audiocodes Limited)
Inventors
Rana, Ashwin Vishanji, Walls, Robert Harold, Maher, Robert Daniel III, Lie, Milton Andre

Granted Patent

US 7,894,432 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/351
CPC Class Codes

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/302   Route determination based o...

H04L 45/3065   for real time traffic

H04L 45/38   Flow based routing

H04L 47/10   Flow control; Congestion co...

H04L 47/20   Traffic policing

H04L 47/2416   Real-time traffic

H04L 47/2425   for supporting services spe...

H04L 47/6215   Individual queue per QOS, r...

H04L 63/0272   Virtual private networks

H04L 63/1458   Denial of Service

Apparatus and method creating virtual routing domains in an internet protocol network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

242 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method creating virtual routing domains in an internet protocol network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

242 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links