Technique and apparatus for using node ID as virtual private network (VPN) identifiers
Abstract
A technique is provided for managing VPN packet flows over shared access data networks. Each node in the shared access network typically has an identifier or ID associated with it which is used at a Head End of the shared access network to uniquely identify that particular node from the other nodes in the network. According to the technique of the present invention, the node ID may be used at the Head End of the network to identify not only the corresponding node, but also to identify any virtual private networks (VPNs) of which the corresponding node is a member. Using the technique of the present invention, nodes which are members of the same VPN within a shared access network may exchange packets in a manner which does not require the packets to be routed outside the shared access network.
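The lookup the abstract describes, sketched as an added Python example (not code from the patent): a Head End binds each node ID to a VPN and uses that binding, together with the VPN's address range, to decide whether a packet can stay inside the access network. The class and field names, the use of a DOCSIS Service ID as the node ID, the sample addresses, and sending non-member traffic to ordinary routing are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpn:
    sub_interface: str                    # Head End sub-interface serving the VPN
    address_range: ipaddress.IPv4Network  # node addresses that belong to the VPN
    next_hop: str                         # next hop for VPN traffic leaving the access network


class HeadEnd:
    def __init__(self, vpns):
        self.vpns = dict(vpns)  # VPN name -> Vpn (VPN / sub-interface / range table)
        self.node_vpn = {}      # node ID -> VPN name (node ID-VPN mapping)

    def bind(self, node_id, vpn_name):
        """Bind a node ID to a VPN; done on the Head End side, never by the node."""
        if vpn_name not in self.vpns:
            raise KeyError(f"unknown VPN: {vpn_name}")
        self.node_vpn[node_id] = vpn_name

    def route(self, node_id, dst):
        """Decide how to forward a packet that arrived carrying `node_id`."""
        dst_ip = ipaddress.ip_address(dst)  # raises ValueError on a malformed address
        vpn_name = self.node_vpn.get(node_id)
        if vpn_name is None:
            # Assumption: a node with no VPN binding gets ordinary routing.
            return ("global", None)
        vpn = self.vpns[vpn_name]
        if dst_ip in vpn.address_range:
            # Destination is in the sender's own VPN: keep the packet inside the
            # access network instead of sending it via the customer edge device.
            return ("local", vpn.sub_interface)
        return ("vpn-next-hop", vpn.next_hop)


def demo_head_end():
    """Constructed sample data: two VPNs and three bound cable modems."""
    he = HeadEnd({
        "vpn-red": Vpn("cable0.1", ipaddress.ip_network("10.1.0.0/24"), "192.0.2.1"),
        "vpn-blue": Vpn("cable0.2", ipaddress.ip_network("10.2.0.0/24"), "192.0.2.2"),
    })
    for sid, name in ((101, "vpn-red"), (102, "vpn-red"), (201, "vpn-blue")):
        he.bind(sid, name)
    return he


if __name__ == "__main__":
    he = demo_head_end()
    for sid, dst in ((101, "10.1.0.7"), (101, "172.16.5.5"),
                     (201, "10.1.0.7"), (999, "10.1.0.7")):
        print(sid, dst, he.route(sid, dst))
```

The decision is keyed on the Head End's own binding table, so a node bound to one VPN that addresses a packet into another VPN's range is never switched locally into that other VPN.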
383 Citations
79 Claims
1. A method of routing packets from a first network node to a second network node in a data network, the data network including an access network having at least one Head End device and a plurality of nodes, the access network further including at least one shared access channel utilized by the first and second nodes to communicate with the Head End device, said first and second nodes being members of a first Virtual Private Network (VPN), said first VPN being associated with at least one first VPN customer edge device, said method comprising:
assigning an ID to the first node that is associated with at least one VPN, wherein the ID is assigned by an entity other than the first node;
receiving a packet from the first node, said packet including the ID associated with said first node, and including routing information for routing said packet to a destination address associated with said second node;
examining the packet to identify the ID of the first node; and
using said first node ID to determine whether said first node is associated with at least one VPN.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
a reference to said first VPN; and
a range of node addresses associated with said first VPN.
5. The method of claim 2 further comprising routing the packet to the second node in a manner that does not cause the packet to be routed through the first VPN customer edge device.
6. The method of claim 2 further comprising routing the packet to the second node in a manner that does not cause the packet to be routed outside the access network.
7. The method of claim 1 wherein said method is implemented at the Head End device.
8. The method of claim 1, wherein the network on which the first and second network nodes reside is a cable network.
9. The method of claim 8 wherein said first and second nodes are cable modems.
10. The method of claim 8 wherein said Head End device includes at least one cable modem termination system (CMTS), and wherein the method is implemented on said at least one CMTS.
11. The method of claim 1, wherein the ID of the first node is specific to the network on which the first and second network nodes reside.
12. The method of claim 11, wherein the ID of the first node is a DOCSIS Service ID for the first node.
13. The method of claim 11, wherein the ID is a MAC address of the first node.
14. The method of claim 11, wherein the ID is an IP address associated with the first node.
15. The method of claim 1, wherein using said first node ID to determine whether said first node is associated with at least one VPN comprises locating the ID in a list of IDs and noting at least one corresponding virtual private network associated with said ID.
16. The method of claim 1, wherein the virtual private network uses a Multiprotocol Label Switching Protocol (MPLS).
17. A method of associating nodes in a data network with at least one virtual private network (VPN), the data network including an access network having at least one Head End device and a plurality of nodes, the access network further including at least one shared access channel utilized by a first and a second node of the plurality of nodes to communicate with the Head End device, said method comprising:
assigning an address to the first node that is associated with at least one VPN, wherein the address is assigned by an entity other than the first node;
receiving a communication from the first node in the access network;
identifying the address of the first node, wherein the address is specific to the network on which the first node resides; and
using said address to determine whether said first node is associated with at least one VPN.
Dependent claims: 18, 19, 20, 21
22. A method of associating nodes in a data network with at least one virtual private network (VPN), the data network including an access network having at least one Head End device and a plurality of nodes, the access network further including at least one shared access channel utilized by a first and a second node of the plurality of nodes to communicate with the Head End device, said method comprising:
determining whether said first node is a member of at least one VPN; and
if it is determined that said first node is a member of at least one VPN, binding an ID of said node with said VPN to thereby cause said first node to be associated with said VPN, wherein the ID is bound with the node by an entity other than the node.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
receiving at said Head End device a packet from said first node, said packet including a destination address corresponding to a second node in the network;
examining said packet to identify the ID of said first node; and
using said ID at said Head End device to determine whether said first node is a member of at least one VPN.
28. The method of claim 27 further comprising:
if it is determined that said first node is a member of a first VPN, determining at said Head End device whether the destination address of said packet is within said first VPN.
29. The method of claim 27 further comprising routing the packet to the second node in a manner that does not cause the packet to be routed through a VPN customer edge device associated with the VPN.
30. The method of claim 27 further comprising routing the packet to the second node in a manner that does not cause the packet to be routed outside the access network.
31. The method of claim 22 wherein said method is implemented at the Head End device.
32. The method of claim 22, wherein the network on which the first and second network nodes reside is a cable network, and wherein said first and second nodes are cable modems residing on the cable network.
33. The method of claim 32 wherein said Head End device includes at least one cable modem termination system (CMTS), and wherein the method is implemented on said at least one CMTS.
34. The method of claim 22, wherein the ID of the first node is specific to the network on which the first and second network nodes reside.
35. The method of claim 34, wherein the ID of the first node is a DOCSIS Service ID for the first node.
36. The method of claim 34, wherein the ID is a MAC address of the first node.
37. The method of claim 34, wherein the ID is an IP address associated with the first node.
38. The method of claim 22, wherein said Head End includes a list of IDs assigned to respective nodes in said network, and wherein said binding includes providing a pointer from a reference designating the first node ID in said list of IDs to a reference to the at least one VPN of which the first node is a member.
39. The method of claim 27 wherein said using said ID to determine whether said first node is a member of at least one VPN includes locating the first node ID in a list of IDs and noting at least one corresponding VPN associated with said first node.
40. The method of claim 22, wherein the virtual private network uses a Multiprotocol Label Switching Protocol (MPLS).
41. A method of configuring a Head End of an access network to route packets from a first node to a second node in the access network, the access network including at least one shared access channel utilized by a plurality of nodes in the access network to communicate with the Head End, the Head End including a plurality of sub-interfaces for managing virtual private network (VPN) traffic over the access network, the first and second nodes being members of a first Virtual Private Network (VPN), the method comprising:
associating particular network nodes on the access network with at least one corresponding virtual private network;
assigning to the first node an ID specific to the access network, wherein the ID is assigned to the first node by an entity other than the first node; and
associating the assigned ID with the first VPN to thereby cause the first node to be associated with the first VPN.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50
51. A computer program product for associating nodes in a data network with at least one virtual private network (VPN), the data network including an access network having at least one Head End device and a plurality of nodes, the access network further including at least one shared access channel utilized by a first and a second node of the plurality of nodes to communicate with the Head End device, the computer program product comprising:
a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
computer code for determining whether said first node is a member of at least one VPN; and
computer code for binding an ID of said node with said VPN to thereby cause said first node to be associated with said VPN, if it is determined that said first node is a member of said VPN, wherein the ID is bound with the node by an entity other than the node.
Dependent claims: 52, 53, 54
computer code for receiving at said Head End device a packet from said first node, said packet including a destination address corresponding to a second node in the network;
computer code for examining said packet to identify the ID of said first node; and
computer code for using said ID at said Head End device to determine whether said first node is a member of at least one VPN.
53. The computer program product of claim 52 further comprising computer code for routing the packet to the second node in a manner that does not cause the packet to be routed through a VPN customer edge device associated with the at least one VPN.
54. The computer program product of claim 52 further comprising computer code for routing the packet to the second node in a manner that does not cause the packet to be routed outside of the access network.
55. A computer program product for routing packets from a first network node to a second network node in a data network, the data network including at least one Head End device and a plurality of nodes, the network further including at least one shared access channel utilized by the first and second nodes to communicate with the Head End device, said first and second nodes being members of a first Virtual Private Network (VPN), said first VPN being associated with at least one first VPN customer edge device, said computer program product comprising:
a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
computer code for assigning an ID to the first node that is associated with at least one VPN wherein the ID is assigned by an entity other than the first node;
computer code for receiving a packet from the first node, said packet including the ID associated with said first node, and including routing information for routing said packet to a destination address associated with said second node;
computer code for examining the packet to identify the ID of the first node; and
computer code for using said first node ID to determine whether said first node is a member of at least one VPN.
Dependent claims: 56, 57, 58
59. A computer program product for associating nodes in a data network with at least one virtual private network (VPN), the data network including an access network having at least one Head End device and a plurality of nodes, the access network further including at least one shared access channel utilized by a first and a second node of the plurality of nodes to communicate with the Head End device, the computer program product comprising:
a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
computer code for assigning an address to the first node that is associated with at least one VPN, wherein the address is assigned by an entity other than the first node, computer code for receiving a communication from the first node in the access network;
computer code for identifying the address of the first node, wherein the address is specific to the network on which the first node resides;
computer code for using said address to determine whether said first node is associated with at least one VPN.
Dependent claims: 60, 61, 62, 63
64. A Head End of an access network, the network comprising a plurality of nodes, including a first node and a second node, which communicate with the Head End via at least one shared access channel, the Head End comprising:
at least one processor;
memory in communication with said at least one processor; and
at least one interface for communicating with the plurality of nodes;
said Head End being configured or designed to manage Virtual Private Network (VPN) flows within said access network in a manner allowing routing of packets between at least two nodes in the network which are members of the same VPN, wherein the routing of a packet between said at least two nodes is accomplished without routing the packet outside the access network, wherein said management of VPN flows includes;
assigning a node ID to a first node that is associated with at least one VPN, wherein the ID is assigned by an entity other than the first node;
receiving a packet from the first node, said packet including the node ID associated with said first node, and including routing information for routing said packet to a destination address associated with a second node;
examining the packet to identify the node ID of the first node; and
using the node ID of the first node to determine whether said first node is associated with at least one VPN.
Dependent claims: 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78
a reference to a first VPN;
a range of node addresses associated with said first VPN; and
a next hop for routing packets associated with said first VPN.
70. The Head End of claim 64, wherein said memory is configured or designed to store interface/VPN mapping information, said sub-interface/VPN mapping information including information relating to:
a reference to a first VPN;
interface information associated with said first VPN, said interface information including a reference to a particular sub-interface associated with said first VPN; and
a range of node addresses associated with said first VPN.
71. The Head End of claim 68, wherein said memory is further configured or designed to store node ID-VPN mapping information linking a particular node ID to at least one VPN of which the corresponding particular node is a member.
72. The method of claim 71, wherein said node ID-VPN mapping information includes a pointer from a reference designating the particular node ID to a reference specifying the at least one VPN of which the particular node is a member.
73. The Head End of claim 71, wherein the node ID of the particular node is a DOCSIS Service ID for the particular node.
74. The Head End of claim 71, wherein the node ID is a MAC address of the particular node.
75. The Head End of claim 71, wherein the node ID is an IP address associated with the particular node.
76. The Head End of claim 64, wherein said memory is further configured or designed to store VPN routing information, said VPN routing information including a first field identifying at least one range of network addresses, and a second field identifying a next hop associated with said range of network addresses.
77. The Head End of claim 64 wherein said memory is further configured or designed to store VPN-interface information, said VPN-interface information including:
a first field identifying a first VPN;
a second field identifying a sub-interface associated with said first VPN; and
a third field identifying an address range associated with said first VPN.
78. The Head End of claim 64, wherein the Head End is further configured or designed to implement a VPN using a Multiprotocol Label Switching Protocol (MPLS).
79. An apparatus for routing packets from a first network node to a second network node in a data network, the data network including an access network having at least one Head End device and a plurality of nodes, the access network further including at least one shared access channel utilized by the first and second nodes to communicate with the Head End device, said first and second nodes being members of a first Virtual Private Network (VPN), said first VPN being associated with at least one first VPN customer edge device, said apparatus comprising:
means for assigning an ID to the first node that is associated with at least one VPN, wherein the ID is assigned by an entity other than the first node;
means for receiving a packet from the first node, said packet including the ID associated with said first node, and including routing information for routing said packet to a destination address associated with said second node;
means for examining the packet to identify the ID of the first node; and
using said first node ID to determine whether said first node is associated with at least one VPN.
Specification