METHOD AND APPARATUS FOR DYNAMICALLY SECURING VOICE AND OTHER DELAY-SENSITIVE NETWORK TRAFFIC
Abstract
A method comprises receiving a request for secure network traffic from a device having a private network address at a source node, obtaining the private network address of a requested destination device at a destination node from a route server based on signaling information associated with the request, obtaining the public network address of the destination node associated with the private network address, creating in response to the request a virtual circuit between the source node and the destination node based on the public network address of the destination node, and encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit. The process is dynamic in that the virtual circuit is created in response to the request. Hence, the process operates as if a fully meshed network exists but requires less provisioning and maintenance than a fully meshed network architecture. Furthermore, the process is readily scalable as if a hub and spoke network exists but is more suitable for delay-sensitive traffic, such as voice and video, than a hub and spoke network architecture.
15 Claims
1. A method for dynamically securing delay-sensitive network traffic, comprising the computer-implemented steps of:
- receiving a request for secure network traffic between a source device at a source node and a destination device at a destination node;
- obtaining from a next-hop server a public network address for the destination node;
- creating, in response to the request, a virtual circuit between the source node and the destination node based on the public network address for the destination node;
- encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit.
Dependent claims: 2, 3
4. A method for managing a particular virtual circuit between a source node and a destination node that was created in response to a request for secure delay-sensitive network traffic between a source device having a private network address at the source node and a destination device having a private network address at the destination node, the method comprising the computer-implemented steps of:
- in response to receiving an indication that the particular virtual circuit is no longer needed for network traffic between the source device and the destination device, determining whether any devices other than the source and destination devices are using the particular virtual circuit for transporting delay-sensitive network traffic;
- if no devices other than the source and destination devices are using the particular virtual circuit for transporting delay-sensitive network traffic, then determining whether there is a teardown policy associated with the particular virtual circuit that specifies rules regarding elimination of the particular virtual circuit;
- if no teardown policy is associated with the particular virtual circuit, then eliminating the virtual circuit; and
- if a teardown policy is associated with the particular virtual circuit, then determining from the associated teardown policy whether the particular virtual circuit should be eliminated.
5. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions for dynamically securing delay-sensitive network traffic, which instructions, when executed by one or more processors, cause the one or more processors to perform:
- receiving a request for secure network traffic between a source device at a source node and a destination device at a destination node;
- obtaining from a next-hop server a public network address for the destination node;
- creating, in response to the request, a virtual circuit between the source node and the destination node based on the public network address for the destination node;
- encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit.
Dependent claims: 6, 7
8. A computer-readable volatile or non-volatile medium carrying one or more sequences of instructions for managing a particular virtual circuit between a source node and a destination node that was created in response to a request for secure delay-sensitive network traffic between a source device having a private network address at the source node and a destination device having a private network address at the destination node, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- in response to receiving an indication that the particular virtual circuit is no longer needed for network traffic between the source device and the destination device, determining whether any devices other than the source and destination devices are using the particular virtual circuit for transporting delay-sensitive network traffic;
- if no devices other than the source and destination devices are using the particular virtual circuit for transporting delay-sensitive network traffic, then determining whether there is a teardown policy associated with the particular virtual circuit that specifies rules regarding elimination of the particular virtual circuit;
- if no teardown policy is associated with the particular virtual circuit, then eliminating the virtual circuit; and
- if a teardown policy is associated with the particular virtual circuit, then determining from the associated teardown policy whether the particular virtual circuit should be eliminated.
9. An apparatus for dynamically securing delay-sensitive network traffic, comprising:
- one or more processors;
- means for receiving a request for secure network traffic between a source device at a source node and a destination device at a destination node;
- means for obtaining from a next-hop server a public network address for the destination node;
- means for creating, in response to the request, a virtual circuit between the source node and the destination node based on the public network address for the destination node;
- means for encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit.
Dependent claims: 10, 11
12. An apparatus for managing a particular virtual circuit between a source node and a destination node that was created in response to a request for secure delay-sensitive network traffic between a source device having a private network address at the source node and a destination device having a private network address at the destination node, comprising:
- means for receiving an indication that the particular virtual circuit is no longer needed for network traffic between the source device and the destination device;
- means for determining whether any devices other than the source and destination devices are using the particular virtual circuit for transporting delay-sensitive network traffic;
- means for determining whether there is a teardown policy associated with the particular virtual circuit that specifies rules regarding elimination of the particular virtual circuit in response to a determination that no devices other than the source and destination devices are using the particular virtual circuit for transporting delay-sensitive network traffic;
- means for eliminating the virtual circuit, if no teardown policy is associated with the particular virtual circuit; and
- means for determining from the associated teardown policy whether the particular virtual circuit should be eliminated, if a teardown policy is associated with the particular virtual circuit.
13. An apparatus for dynamically securing delay-sensitive network traffic, comprising:
- a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
- a processor;
- a computer-readable volatile or non-volatile medium coupled to the processor and storing one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
- receiving a request for secure network traffic between a source device at a source node and a destination device at a destination node;
- obtaining from a next-hop server a public network address for the destination node;
- creating, in response to the request, a virtual circuit between the source node and the destination node based on the public network address for the destination node;
- encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit.
Dependent claims: 14, 15
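
The claims describe two procedures: on-demand circuit creation (the abstract and claims 1, 5, 9, 13) and the teardown decision (claims 4, 8, 12). The Python model below is an added illustration, not code from the patent; the lookup tables, addresses, class names and the callable form of the teardown policy are assumptions, and the encryption step is left out of the model.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample data (assumptions, not from the patent).
# Route server: signaling information (here a dialed number) -> private address.
ROUTE_SERVER = {"5550102": "10.2.0.20", "5550103": "10.2.0.21"}
# Next-hop server: private address -> public address of the destination node.
NEXT_HOP_SERVER = {"10.2.0.20": "203.0.113.2", "10.2.0.21": "203.0.113.2"}

@dataclass
class Circuit:
    peer_public: str
    users: set = field(default_factory=set)  # (source, destination) device pairs
    # Hypothetical policy form: returns True when the circuit may be eliminated.
    teardown_policy: Optional[Callable] = None

class SourceNode:
    def __init__(self):
        self.circuits = {}  # public address of peer node -> Circuit

    def request(self, src_private, signaling):
        """Resolve the destination and create the circuit only if needed."""
        dst_private = ROUTE_SERVER[signaling]
        peer_public = NEXT_HOP_SERVER[dst_private]
        circuit = self.circuits.get(peer_public)
        if circuit is None:  # nothing pre-provisioned: built on this request
            circuit = self.circuits[peer_public] = Circuit(peer_public)
        circuit.users.add((src_private, dst_private))
        return circuit

    def release(self, circuit, src_private, dst_private):
        """Teardown decision in the order the claims give it."""
        circuit.users.discard((src_private, dst_private))
        if circuit.users:
            return "kept: other devices still use the circuit"
        policy = circuit.teardown_policy
        if policy is None or policy(circuit):
            del self.circuits[circuit.peer_public]
            return "eliminated"
        return "kept: teardown policy"
```

A policy that returns False keeps an idle circuit in place, so a later request to the same destination node reuses it instead of building a new one.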