Virtual private data network session count limitation

US 6,430,619 B1
Filed: 05/06/1999
Issued: 08/06/2002
Est. Priority Date: 05/06/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:

maintaining a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;

maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;

responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the central database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;

rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s log in would exceed by said first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;

responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP; and

rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of VPN sessions to provide the group of users at the PoP and a dynamic VPN session count corresponding to active VPN sessions currently provided to the group of users at the PoP. The central database contains a maximum number of VPN sessions to provide the group of users over the entire data communications network and a dynamic network-wide VPN session count corresponding to active VPN sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.

Citations

34 Claims

1. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
- maintaining a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;
  
  maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the central database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
  
  rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s log in would exceed by said first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP; and
  
  rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein said first predetermined number is zero.
  - 3. A method according to claim 1, wherein said second predetermined number is zero.
  - 4. A method according to claim 3, wherein said first predetermined number is zero.
  - 5. A method according to claim 1, further comprising:
6. A method according to claim 1, further comprising:
- allowing said user'"'"'s attempt to initiate a VPN session if it would not exceed any maximum number of VPN sessions associated with the user'"'"'s group;
  
  incrementing a VPN session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s VPN session; and
  
  incrementing a VPN session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s VPN session.

7. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network; and
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network.
- View Dependent Claims (8, 9, 10)
- - 8. A method according to claim 7, further comprising:
9. A method according to claim 8, further comprising:
- allowing said user'"'"'s VPN session if it is not rejected;
  
  incrementing a VPN session count associated the user'"'"'s group at the local database in response to allowing said user'"'"'s VPN session;
  
  first publishing a VPN start event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s VPN session; and
  
  incrementing a data communications network current VPN session count at each subscribing PoP in response to said first publishing.
10. A method according to claim 9, further comprising:
- decrementing a VPN session count associated with the user'"'"'s group at the local database in response to a user'"'"'s VPN session termination;
  
  second publishing a VPN stop event corresponding to the user'"'"'s group to other subscribing PoPs in response to a user'"'"'s VPN session;
  
  decrementing a data communications network current VPN session count at each subscribing PoP in response to said second publishing.

11. A data communications network limiting access to a predetermined number of VPN sessions belonging to a particular group, said data communications network comprising:
- a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;
  
  a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications names, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
  
  a central database checker which, in response to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group, checks the central database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
  
  a local database checker which, in response to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group at a PoP, checks the local database associated with the PoP to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP; and
  
  a VPN session rejecter which rejects said user'"'"'s attempt to initiate a VPN session if said user'"'"'s log in would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with the user'"'"'s group or by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP.
- View Dependent Claims (12, 13)
- - 12. A data communications network according to claim 11, further comprising:
13. A data communications network according to claim 12, further comprising:
- a VPN session count incrementer associated with the local database and the user'"'"'s group, responsive to a user'"'"'s VPN session; and
  
  a VPN session count incrementer associated with the central database and responsive to said subscriber.

14. A data communications network limiting access to a predetermined number of VPN sessions belonging to a particular group, said data communications network comprising:
- a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network; and
  
  a local database checker which, in response to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group, checks the local database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group for the data communications network.
- View Dependent Claims (15, 16, 17)
- - 15. A data communications network according to claim 14, further comprising:
16. A data communications network according to claim 15, further comprising:
- a VPN session count incrementor associated with the local database and the user'"'"'s group and responsive to the user'"'"'s initiation of a VPN session;
  
  a VPN start event publisher which publishes VPN start events corresponding to a user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s VPN session; and
  
  a data communications network current VPN session count incrementor at each subscribing PoP responsive to said VPN start event publisher.
17. A data communications network according to claim 16, further comprising:
- a VPN session count decrementer associated with the local database and a user'"'"'s group, said VPN session count responsive to the user'"'"'s log out;
  
  a VPN stop event publisher publishing VPN session termination events corresponding to a user'"'"'s group to other subscribing PoPs in response to said user'"'"'s termination of the VPN connection log out;
  
  a data communications network current VPN session count decrementer at each subscribing PoP responsive to said VPN stop event publisher.

18. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method steps comprising:
- maintaining a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;
  
  maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the central database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
  
  rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s log in would exceed by said first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP; and
  
  rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group.

19. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method steps comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network; and
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network.
- View Dependent Claims (20, 21, 22)
- - 20. A program storage device according to claim 19, wherein said method further comprises:
21. A program storage device according to claim 20, wherein said method further comprises:
- allowing said user'"'"'s VPN session if it is not rejected;
  
  incrementing a VPN session count associated the user'"'"'s group at the local database in response to allowing said user'"'"'s VPN session;
  
  first publishing a VPN start event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s VPN session; and
  
  incrementing a data communications network current VPN session count at each subscribing PoP in response to said first publishing.
22. A program storage device according to claim 21, wherein said method further comprises:
- decrementing a VPN session count associated with the user'"'"'s group at the local database in response to a user'"'"'s VPN session termination;
  
  second publishing a VPN stop event corresponding to the user'"'"'s group to other subscribing PoPs in response to a user'"'"'s VPN session; and
  
  decrementing a data communications network current VPN session count at each subscribing PoP in response to said second publishing.

23. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network;
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
  
  rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
  
  allowing said user'"'"'s VPN session if it is not rejected;
  
  incrementing a VPN session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s VPN session;
  
  publishing a VPN start event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s VPN session; and
  
  incrementing a data communications network current VPN session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s VPN session.
- View Dependent Claims (24, 25, 26)
- - 24. The method according to claim 23, further comprising:
25. The method according to claim 23, further comprising:
- decrementing said VPN session count associated with the user'"'"'s group at the local database in response to terminating said user'"'"'s VPN session; and
  
  publishing a VPN stop event corresponding to the user'"'"'s group to other subscribing PoPs in response to terminating said user'"'"'s VPN session.
26. The method according to claim 23, further comprising:
- receiving a VPN stop event publication corresponding to the user'"'"'s group from one of the other subscribing PoPs in response to the termination of a VPN session at one of the subscribing PoPs; and
  
  decrementing said data communications network current VPN session count associated with the user'"'"'s group at the local database in response to said receiving.

27. A data communications network limiting access to a predetermined number of VPN sessions belonging to a particular group, said data communications network comprising:
- a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network;
  
  a local database checker which, in response to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group, checks the local database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group for the data communications network;
  
  a VPN session rejecter which rejects said user'"'"'s attempt to initiate a VPN session if said user'"'"'s log in would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and rejects said user'"'"'s attempt to intiate a VPN session if said user'"'"'s log would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group for the data communications network;
  
  a VPN session allower which allows said user'"'"'s attempt to initiate a VPN session if it is not rejected;
  
  a VPN session count incrementer associated with the local database and the user'"'"'s group and responsive to allowing said user'"'"'s VPN session;
  
  a VPN start event publisher for publishing VPN start events corresponding to a user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s VPN session; and
  
  a data communications network current VPN session count incrementer associated with the local database and the user'"'"'s group and responsive to allowing said user'"'"'s VPN session.
- View Dependent Claims (28, 29, 30)
- - 28. The data communications network according to claim 27, further comprising:
29. The data communications network according to claim 27, further comprising:
- a VPN session count decrementer associated with the local database and a user'"'"'s group and responsive to terminating said user'"'"'s VPN session;
  
  a VPN stop event publisher for publishing VPN stop events corresponding to a user'"'"'s group to other subscribing PoPs in response to terminating said user'"'"'s VPN session; and
  
  a data communications network current VPN session count decrementer associated with the local database and the user'"'"'s group and responsive to terminating said user'"'"'s VPN session.
30. The data communications network according to claim 27, further comprising:
- a VPN stop event publication receiver for receiving publications corresponding to the user'"'"'s group from one of the other subscribing PoPs in response to the termination of a VPN session at one of the subscribing PoPs; and
  
  a data communications network current VPN session count decrementer associated with the local database and the user'"'"'s group and responsive to the termination of a VPN session by one of the subscribing PoPs.

31. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network;
  
  responding to a user'"'"'s attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user'"'"'s VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
  
  rejecting said user'"'"'s attempt to initiate a VPN session if said user'"'"'s VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
  
  allowing said user'"'"'s VPN session if it is not rejected;
  
  incrementing a VPN session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s VPN session;
  
  publishing a VPN start event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s VPN session; and
  
  incrementing a data communications network current VPN session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s VPN session.
- View Dependent Claims (32, 33, 34)
- - 32. A program storage device according to claim 31, wherein said method further comprises:
33. A program storage device according to claim 31, wherein said method further comprises:
- decrementing said VPN session count associated with the user'"'"'s group at the local database in response to terminating said user'"'"'s VPN session; and
  
  publishing a VPN stop event corresponding to the user'"'"'s group to other subscribing PoPs in response to terminating said user'"'"'s VPN session.
34. A program storage device according to claim 31, wherein said method further comprises:
- receiving a VPN stop event publication corresponding to the user'"'"'s group from one of the other subscribing PoPs in response to the termination of a VPN session at one of the subscribing PoPs; and
  
  decrementing said data communications network current VPN session count associated with the user'"'"'s group at the local database in response to said receiving.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Sitaraman, Aravind, Yager, Charles Troper, Alesso, Craig Michael
Primary Examiner(s)
Etienne, Ario
Assistant Examiner(s)
SALAD, ABDULLAHI ELMI

Application Number

US09/306,242
Time in Patent Office

1,188 Days
Field of Search

704/225, 704/226, 704/229, 704/223, 704/227, 700/225, 700/229, 700/227, 700/220, 700/217, 700/210, 707/9, 707/10, 709/224, 709/223
US Class Current

709/225
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4679   Arrangements for the regist...

H04L 67/14   Session management for real...

H04L 67/535   Tracking the activity of th...

H04L 69/329   in the application layer [O...

Virtual private data network session count limitation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private data network session count limitation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links