Process and apparatus for the operation of virtual private networks on a common data packet communication network

US 6,438,127 B1
Filed: 03/12/1998
Issued: 08/20/2002
Est. Priority Date: 03/12/1997
Status: Expired due to Term

First Claim

Patent Images

1. A process for operation of a plurality of layer-3 virtual private networks on a common data packet communication network, comprising the steps of:

allocating a disjoint partial address space of a predetermined homogeneous total address space of the common data packet communication network to each of the virtual private networks so as to separate the plural virtual private networks;

assigning a virtual private network identification number to each virtual private network to identify the disjoint partial address space of the each virtual private network, said virtual private network identification number comprising as part of an address of every one of plural individual subscribers of the each virtual private network and starting at a fixed bit position in an individual subscriber address of each of the plural individual subscribers of the each layer-3 virtual private network; and

filtering data packets and routing information moving through the communication network using routers of the data packet communication network based on the virtual private network identification number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Economical and dependable networking of spatially separated branches of an organization is made possible for a plurality of individual subscribers with spatially separated branches by means of an arrangement and process for the operation of layer-3 virtual private networks (VPN A, VPN B) on a common data packet.communication network (e.g. OSI L3 data packet communication network 1). A logical separation of the layer-3 VPNs (VPNA, VPNB) is accomplished by allocating disjoint partial address spaces of a given homogeneous total address space to these L3 VPNs. A virtual private network identification number VPN ID is assigned to each L3 VPN and used to identify the disjoint partial address space by forming a part of the address. The VPN ID characterizing the L3 VPN starts at a fixed bit position in the individual subscriber address of each individual subscriber of the L3 VPN and may have a variable or a fixed length. Secure separation of the L3 VPNs is implemented by filtering of routing information and/or data packets based on the VPN ID.

110 Citations

18 Claims

1. A process for operation of a plurality of layer-3 virtual private networks on a common data packet communication network, comprising the steps of:
- allocating a disjoint partial address space of a predetermined homogeneous total address space of the common data packet communication network to each of the virtual private networks so as to separate the plural virtual private networks;
  
  assigning a virtual private network identification number to each virtual private network to identify the disjoint partial address space of the each virtual private network, said virtual private network identification number comprising as part of an address of every one of plural individual subscribers of the each virtual private network and starting at a fixed bit position in an individual subscriber address of each of the plural individual subscribers of the each layer-3 virtual private network; and
  
  filtering data packets and routing information moving through the communication network using routers of the data packet communication network based on the virtual private network identification number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The process in accordance with claim 1, further comprising the step of making a common address space of the total address space visible to specific one of the plural virtual private networks so as to enable access to central services of a common network infrastructure from the specific virtual private networks.
  - 3. The process in accordance with claim 2, further comprising the step of checking an individual subscriber of one of the plural layer-3 virtual private networks for authorization to access predetermined central services and separating the central services for different ones if the plural layer-3 virtual private networks based on the virtual private network identification number in a sender address of the individual subscribers and on a destination address of the central service.
  - 4. The process in accordance with claim 1, wherein the data packet communication network comprises one of an open systems interconnection protocol, IPv4 protocol, IPv6 protocol and IPX protocol network.
  - 5. The process in accordance with claim 1, further comprising the step of assigning service queries to virtual private network specific service processes using a dispatcher process based on the virtual private network identification number.
  - 6. The process in accordance with claim 1, further comprising the step of assigning a domain name service query to virtual private network specific service processes using a domain-name server dispatcher process based on the virtual private network identification number of a sender.
  - 7. The process in accordance with claim 1, wherein the communication network comprises an open systems interconnection layer-3 data packet communication network.
  - 8. The process in accordance with claim 1, wherein the virtual private network identification number is of fixed length.

9. A process for operation of a plurality of layer-3 virtual private networks on a common data packet communication network, comprising the steps of:
- allocating a disjoint partial address space of a predetermined homogeneous total address space of the common data packet communication network to each of the virtual private networks so as to separate the plural virtual private networks;
  
  assigning a virtual private network identification number to each virtual private network to identify the disjoint partial address space of the each virtual private network, said virtual private network identification number comprising as part of an address of every one of plural individual subscribers of the each virtual private network and starting at a fixed bit position in an individual subscriber address of each of the plural individual subscribers of the each layer-3 virtual private network, wherein the virtual private network identification number is of variable length; and
  
  filtering data packets and routing information moving through the communication network using routers of the data packet communication network based on the virtual private network identification number.

10. A system comprising:
- a common data packet communication network;
  
  a plurality of layer-3 virtual private networks connected to the data packet communication network, each said virtual private network comprising a plurality of individual subscribers such having an individual subscriber address, being separated from one another by a disjoint partial address space of a total address space of said common data packet communication network, assigned to each said virtual private network and being identified by a virtual private network identification number that forms part of and starts at a fixed bit position in an individual subscriber address of each individual subscriber of said each virtual private network; and
  
  means for filtering data packets and routing information moving through the communication network in routers of said common data packet communication network based on the virtual private network identification number.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system in accordance with claim 10, wherein said common network comprises an infrastructure for central services accessible by the individual subscribers of said virtual private networks by making visible a common address space of said total address space for specific ones of said plural virtual private networks.
  - 12. The system in accordance with claim 11, further comprising:
13. The system in accordance with claim 12, wherein said common data packet communication network comprises one of an open systems interconnection protocol, IPv4 protocol, IPv6 protocol and IPX protocol network.
14. The system in accordance with claim 10, further comprising a dispatcher process for assigning service queries to virtual private network specific service processes based on the virtual private network identification number.
15. The system in accordance with claim 10, further comprising a domain name service dispatcher for assigning a domain name service query to virtual private network specific service processes based on the virtual private network identification number of a sender.
16. The system in accordance with claim 10, wherein said data communication network comprises an open systems interconnection layer-3 data packet communication network.
17. The system in accordance with claim 10, wherein the virtual private network identification number is of fixed length.

18. A system comprising:
- a common data packet communication network;
  
  a plurality of layer-3 virtual private networks connected to the data packet communication network, each said virtual private network comprising a plurality of individual subscribers such having an individual subscriber address, being separated from one another by a disjoint partial address space of a total address space of said common data packet communication network, assigned to each said virtual private network and being identified by a viral private network identification number that forms part of and starts at a fixed bit position in an individual subscriber address of each individual subscriber of said each virtual private network, wherein the virtual private network identification number is of variable length; and
  
  means for filtering data packets and routing information moving through the communication network in routers of said common data packet communication network based on the virtual private network identification number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mannesmann AG (Vodafone Group PLC)
Original Assignee
Mannesmann AG (Vodafone Group PLC)
Inventors
Oberheim, Helmut, Hies, Markus, Le Goff, Herve, Schambach, Michael, Haertelt, Norbert
Primary Examiner(s)
Yao, Kwang Bin
Assistant Examiner(s)
Harper, Kevin C.

Application Number

US09/041,292
Time in Patent Office

1,622 Days
Field of Search

370/389, 370/390, 370/392, 370/393, 370/395, 370/396, 370/398, 370/400, 370/401, 370/402, 709/227, 709/229
US Class Current

370/389
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Process and apparatus for the operation of virtual private networks on a common data packet communication network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

110 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Process and apparatus for the operation of virtual private networks on a common data packet communication network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links