System and method for prioritization of traffic through internet access network

US 20070153798A1
Filed: 01/04/2006
Published: 07/05/2007
Est. Priority Date: 01/04/2006
Status: Active Grant

First Claim

Patent Images

1. A method of prioritizing traffic in a packet communication system destined for a receiving sub-network hosting a virtual private network (VPN) gateway, the method comprising:

forwarding packets from an end user device and destined for the receiving sub-network through a gateway in an access network;

at the gateway, determining whether packets from the end user device are requesting a new session with the VPN gateway;

at the gateway, non-invasively and independently of any shared secrets between the VPN gateway and the end user device inferring from packets requesting a new session whether the request was accepted by the VPN gateway; and

if it is inferred that the request was accepted by the VPN gateway, maintaining traffic flows for a session between the VPN gateway and the end user device at a priority level higher than a default priority level.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for ensuring that specific traffic flows are adequately prioritized in a public packet communication network even when the network is heavily congested. Per-flow QoS capability is added to VPN tunnels. Connection requests are routed through a specific port in an access provider'"'"'s network to designated VPN gateway. Deep packet inspection is performed on traffic through the port in an attempt to determine whether the connection request was accepted. If the connection request was accepted, the traffic flows associated with that session may be given a specific priority of QoS level when transiting a packet access network.

135 Citations

12 Claims

1. A method of prioritizing traffic in a packet communication system destined for a receiving sub-network hosting a virtual private network (VPN) gateway, the method comprising:
- forwarding packets from an end user device and destined for the receiving sub-network through a gateway in an access network;
  
  at the gateway, determining whether packets from the end user device are requesting a new session with the VPN gateway;
  
  at the gateway, non-invasively and independently of any shared secrets between the VPN gateway and the end user device inferring from packets requesting a new session whether the request was accepted by the VPN gateway; and
  
  if it is inferred that the request was accepted by the VPN gateway, maintaining traffic flows for a session between the VPN gateway and the end user device at a priority level higher than a default priority level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein inferring whether the request was accepted comprises performing deep packet inspection of the packets requesting a new session.
  - 3. The method of claim 1 wherein determining whether packets are requesting a new session comprises determining whether the packets have a source address for which a session with the VPN gateway is not currently being maintained.
  - 4. The method of claim 1 further comprising:
    - monitoring traffic flows for the session using deep packet inspection; and
      
      terminating the session if monitoring of traffic flows for the session indicates a lack of traffic, other than keep-alive traffic, over the traffic flows for a configured duration.
  - 5. The method of claim 1 further comprising informing a billing system that the session is maintained at a priority level higher than a default priority level.
  - 6. The method of claim 5 wherein informing a billing system comprises informing the billing system of user identification information.
  - 7. The method of claim 1 further comprising:
    - if it is inferred that the request was rejected by the VPN gateway, determining whether the rejection of the request has characteristics of a denial-of-service attack; and
      
      if the rejection of the request has characteristics of a denial-of-service attack, rate limiting within the access network further traffic flows from the end user device.
  - 8. The method of claim 7 wherein determining whether the rejection of the request has characteristics of a denial-of-service attack comprises:
    - recording rejections of requests; and
      
      if the number of rejections of requests exceeds a configured count, determining that the rejection of the request has the characteristics of a denial-of-service attack.
  - 9. The method of claim 7 wherein determining whether the rejection of the request has characteristics of a denial-of-service attack comprises:
    - recording rejections of requests; and
      
      if the rate of rejections of requests is inconsistent with a human interface at the end user device, determining that the rejection of the request has the characteristics of a denial-of-service attack.
  - 10. The method of claim 1 wherein maintaining traffic flows for a session between the VPN gateway and the end user device at a priority level higher than a default priority level comprises preferentially allocating backup power to network elements carrying the traffic flows.

11. A system for prioritizing traffic in a packet communication system destined for a receiving sub-network hosting a virtual private network (VPN) gateway, the system being in access network and comprising:
- a subscriber and policy management system (SPMS) for informing other network elements within the access network to maintain traffic flows for a session at a priority level higher than a default priority level;
  
  a gateway providing communication to the VPN gateway;
  
  an edge router for forwarding traffic destined for the VPN gateway to the gateway;
  
  means at the gateway for determining whether packets from an end user device are requesting a new session with the VPN gateway;
  
  means at the gateway for non-invasively and independently of any shared secrets between the VPN gateway and the end user device inferring from packets requesting a new session whether the request was accepted by the VPN gateway; and
  
  means at the gateway for informing the SPMS that a session is to be given a priority level higher than a default priority level in the event that it is inferred that packets requesting the new session were accepted by the VPN gateway.
- View Dependent Claims (12)
- - 12. The system of claim 11 wherein the gateway comprises a port within the edge router.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Krstulich, Zlatko

Granted Patent

US 7,881,199 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

H04L 12/2898   Subscriber equipments DSL m...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/5003   Managing SLA; Interaction b...

H04L 41/5009   Determining service level p...

H04L 41/5022   by giving priorities, e.g. ...

H04L 43/16   Threshold monitoring

H04L 47/10   Flow control; Congestion co...

H04L 47/2433   Allocation of priorities to...

H04L 47/2483   involving identification of...

H04L 47/2491   Mapping quality of service ...

H04L 47/70   Admission control; Resource...

H04L 47/805   QOS or priority aware

H04L 47/825   Involving tunnels, e.g. MPLS

H04L 63/0272   Virtual private networks

System and method for prioritization of traffic through internet access network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

135 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for prioritization of traffic through internet access network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links