Extranet workgroup formation across multiple mobile virtual private networks

US 7,155,518 B2
Filed: 01/08/2001
Issued: 12/26/2006
Est. Priority Date: 01/08/2001
Status: Expired

First Claim

Patent Images

1. A mobile routing system, comprising:

a mobile node;

a plurality of sinks in a computer network, the plurality of sinks including a plurality of mobile routers; and

memory storing computer readable instructions, that, when executed by the processor, cause the routing system to perform a method that includes the steps of;

detecting movement of the mobile node between the plurality of sinks in the computer network; and

maintaining a connection by maintaining a stable IP address for the mobile node and sustaining, without packet loss, one or more active application sessions between the mobile node and one or more active peers upon detecting movement of the mobile node in accordance with a predefined reactive routing protocol, wherein the reactive routing protocol is extended by a proactive routing update for the one or more active peers upon detecting movement of the mobile node from an old sink to a new sink, andwherein one or more replies to a route request sent from the new sink establishes a bi-directional, optimal path between the mobile node and one or more of the active peers.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention describes a network-based mobile workgroup system allowing a selected set of users from two or more mobile virtual private networks to form an extranet workgroup in a secure manner. The invention is based on the limited private address scenario, which entitles mobile nodes having private, possibly overlapping, addresses as defined in RFC 1918, while home and foreign agents have public IP addresses. Each home agent is dedicated to one mobile virtual private network (M-VPN), while a foreign agent may be shared by multiple M-VPNs. The system also entails a mobile service manager that has a public IP address and a set of mobile nodes that all have a UFQDN (user fully qualified domain name) within the overall mobile workgroup system.

The main benefits, compared to existing solution for extranet workgroup creation, are that extranets can be created despite overlapping address realms. Even fine-granular workgroups within the extranet can be created with any set of users from any set of M-VPNs. The mobility aspect of the M-VPN fits well for supporting peer-to-peer applications, such as voice over IP, between mobile clients. Although the mobile clients may belong to different M-VPNs, with different address realms, per packet authentication and filtering is always possible to perform by the ingress M-VPN security gateway using a realm-indexed filtering technique. Finally, the responsibility for allocating resources, to be reached by an extranet workgroup, is completely delegated to each M-VPN.

277 Citations

29 Claims

1. A mobile routing system, comprising:
- a mobile node;
  
  a plurality of sinks in a computer network, the plurality of sinks including a plurality of mobile routers; and
  
  memory storing computer readable instructions, that, when executed by the processor, cause the routing system to perform a method that includes the steps of;
  
  detecting movement of the mobile node between the plurality of sinks in the computer network; and
  
  maintaining a connection by maintaining a stable IP address for the mobile node and sustaining, without packet loss, one or more active application sessions between the mobile node and one or more active peers upon detecting movement of the mobile node in accordance with a predefined reactive routing protocol, wherein the reactive routing protocol is extended by a proactive routing update for the one or more active peers upon detecting movement of the mobile node from an old sink to a new sink, andwherein one or more replies to a route request sent from the new sink establishes a bi-directional, optimal path between the mobile node and one or more of the active peers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The routing system of claim 1, wherein the reactive routing protocol includes an Ad-hoc On-Demand Distance Vector (AODV) protocol.
  - 3. The routing system of claim 2, wherein the mobile node transmits an initial message to the new sink with a destination sequence number set equal to a destination sequence number of a last registration reply that was distributed via the old sink.
  - 4. The routing system of claim 3, wherein the new sink treats the message as an indication that the mobile node is requesting the new sink to act as the mobile node'"'"'s ingress router in the network.
  - 5. The routing system of claim 4, wherein the new sink transmits an unsolicited route reply toward the old sink if the new sink has an existing route toward the mobile node in a routing table of the new sink and if the destination sequence number is the same for the route as the one received from the mobile node in the initial message.
  - 6. The routing system of claim 5, wherein the new sink sends a route request with a destination sequence number set to the same value as the sequence number received from the mobile node in the initial message.
  - 7. The routing system of claim 6, wherein the old sink or a mobility router along a path to the old sink, responds with a route reply message.
  - 8. The routing system of claim 7, wherein the new sink sends an unsolicited route reply message for the mobile node destination with the route request source IP address set to the old sink and the destination sequence number incremented by one.
  - 9. The routing system of claim 8, wherein the old sink and one or more mobility routers along the path to the old sink and one or more mobility routers along a path to the new sink are updated with a new route having a preferred destination sequence number.
  - 10. The routing system of claim 9, wherein the old sink forwards packets destined to the mobile node along a route via the new sink.
  - 11. The routing system of claim 10, wherein a route reply is sent from the old sink via the new sink to the mobile node to indicate that a handover procedure has been successful and wherein the new sink sends a route error to the mobile node if it cannot reach the old sink.
  - 12. The routing system of claim 11, wherein the mobile node migrates a forwarding of datagrams from a link of the old sink to a link of the new sink.
  - 13. The routing system of claim 12, wherein the mobile node determines an optimized path toward active peers by initiating route requests toward the active peers.
  - 14. The routing system of claim 13, wherein a source sequence number in the route request to an active peer is set equal to the new destination sequence number of the mobile node.
  - 15. The routing system of claim 1, wherein a mobile service router sink also acts as a proxy for mobility routing protocol exchanges between the mobile node and the network in that the mobile service router sink initiates a route request on behalf of the mobile node upon receipt of a datagram from the mobile node not compliant with an adhoc routing protocol applied in the computer network.
  - 16. The routing system of claim 15, wherein the mobile node uses a Dynamic Host Configuration Protocol (DHCP) request as an initial message to the new sink.
  - 17. The routing system of claim 16, wherein the DHCP request includes the mobile node'"'"'s IP address and authenticator.
  - 18. The routing system of claim 17, wherein the mobile router sink maps the DHCP request to at least one of a RADIUS request or a DIAMETER request further sent to a mobile service manager for authentication.
  - 19. The routing system of claim 18, wherein the mobile router sink initiates a route request on behalf of the mobile node upon receipt of a datagram from the mobile node.
  - 20. The routing system of claim 19, wherein the mobile router sink buffers received datagrams until a path is established to a destination of the datagrams.
  - 21. The routing system of claim 1, wherein a source of a route reply is configured to initiate a gratuitous route reply toward the source in order to provide continuous streaming of datagrams for active application sessions.
  - 22. The routing system of claim 21, wherein the source of the route reply sends the gratuitous route reply if a life time of the route is expiring within a configured number of seconds and datagrams are received along a path between the mobile node and the one or more active peers.

23. A mobile routing system, comprising:
- a mobile node;
  
  a plurality of sinks in a computer network, the plurality of sinks including a plurality of mobile routers; and
  
  memory storing computer readable instructions, that, when executed by the processor, cause the routing system to perform a method that includes the steps of;
  
  detecting movement of the mobile node between the plurality of sinks in the computer network; and
  
  maintaining a connection by maintaining a stable IP address for the mobile node and sustaining, without packet loss, one or more active application sessions between the mobile node and one or more active peers upon detecting movement of the mobile node in accordance with a predefined reactive routing protocol,wherein the reactive routing protocol includes an Ad-hoc On-Demand Distance Vector (AODV) protocol,wherein the routing system is further configured to extend the reactive protocol with a proactive routing update for the one or more active peers upon detecting movement of the mobile node from an old sink to a new sink,wherein the mobile node transmits an initial message to the new sink with a destination sequence number set equal to a destination sequence number of a last registration reply that was distributed via the old sink,wherein the new sink treats the message as an indication that the mobile node is requesting the new sink to act as the mobile node'"'"'s ingress router in the routing system network,wherein the new sink transmits an unsolicited route reply toward the old sink if it has an existing route toward the mobile node in a routing table of the new sink end if the destination sequence number is the same for the route as the one received from the mobile node in the initial message,wherein the new sink sends a route request with a destination sequence number set to the same value as the sequence number received from the mobile node in the initial message,wherein the old sink or a mobility router along a path to the old sink, responds with a route reply message,wherein the new sink sends an unsolicited route reply message for the mobile node destination with the route request source IP address set to the old sink and the destination sequence number incremented by one,wherein the old sink and one or more mobility routers along the path to the old sink and one or more mobility routers alone a path to the new sink are updated with a new route having a preferred destination sequence number,wherein the old sink forwards packets destined to the mobile node along a route via the new sink,wherein a route reply is sent from the old sink via the new sink to the mobile node to indicate that a handover procedure has been successful and wherein the new sink sends a route error to the mobile node if it cannot reach the old sink,wherein the mobile node migrates a forwarding of datagrams from a link of the old sink to a link of the new sink,wherein the mobile node determines an optimized path toward active peers by initiating route requests toward the active peers,wherein a source sequence number in the route request to an active peer is set equal to the new destination sequence number of the mobile node, andwherein one or more replies to the route request establishes a bi-directional, optimal path between the mobile node and the one or more active peers.

24. A mobile routing system, comprising:
- a mobile node;
  
  a plurality of sinks in a computer network, the plurality of sinks including a plurality of mobile routers; and
  
  memory storing computer readable instructions, that, when executed by the processor, cause the routing system to perform a method that includes the steps of;
  
  detecting movement of the mobile node between the plurality of sinks in the computer network; and
  
  maintaining a connection by maintaining a stable IP address for the mobile node and sustaining, without packet loss, one or more active application sessions between the mobile node and one or more active peers upon detecting movement of the mobile node in accordance with a predefined reactive routing protocol,wherein weights are assigned to neighbor hops in order to limit broadcast route requests when applying an expanding ring search algorithm in a reactive routing protocol.
- View Dependent Claims (25, 26, 27)
- - 25. The routing system of claim 24, wherein a weight for a hop can be administratively configured on a mobile router.
  - 26. The routing system of claim 25, wherein a sum of weights from a source IP address of a request to the mobile router is used to select a path.
  - 27. The routing system of claim 26, wherein mobile routers to which an expanding ring search route request is sent is limited to one or more mobile routers that have the lowest sum of weights from the source IP address of the request to a candidate neighbor mobile router.

28. A mobile routing system, comprising:
- a mobile node;
  
  a plurality of sinks in a computer network, the plurality of sinks including a plurality of mobile routers; and
  
  memory storing computer readable instructions, that, when executed by the processor, cause the routing system to perform a method that includes the steps of;
  
  detecting movement of the mobile node between the plurality of sinks in the computer network; and
  
  maintaining a connection by maintaining a stable IP address for the mobile node and sustaining, without packet loss, one or more active application sessions between the mobile node and one or more active peers upon detecting movement of the mobile node in accordance with a predefined reactive routing protocol,wherein a source of a route reply is configured to initiate a gratuitous route reply toward the source in order to provide continuous streaming of datagrams for active application sessions,wherein the source of the route reply sends the gratuitous route reply if a life time of the route is expiring within a configured number of seconds and datagrams are received along a path between the mobile node and the one or more active peers, andwherein the configured number of seconds triggering gratuitous route reply from the route reply source is larger than a configured number of seconds left on the route lifetime triggering a new route request from the route request source.

29. A mobile routing system, comprising:
- a mobile node;
  
  a plurality of sinks in a computer network, the plurality of sinks including a plurality of mobile routers; and
  
  memory storing computer readable instructions, that, when executed by the processor, cause the routing system to perform a method that includes the steps of;
  
  detecting movement of the mobile node between the plurality of sinks in the computer network; and
  
  maintaining a connection by maintaining a stable IP address for the mobile node and sustaining, without packet loss, one or more active application sessions between the mobile node and one or more active peers upon detecting movement of the mobile node in accordance with a predefined reactive routing protocol,wherein a source of a route reply is configured to initiate a gratuitous route reply toward the source in order to provide continuous streaming of datagrams for active application sessions,wherein the source of the route reply sends the gratuitous route reply if a life time of the route is expiring within a configured number of seconds and datagrams are received along a path between the mobile node and the one or more active peers, andwherein the gratuitous route reply is unicast along a spanning tree created for active sessions towards a destination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nytell Software LLC (Intellectual Ventures LLC)
Original Assignee
Interactive People Unplugged AB
Inventors
Forslöw, Jan
Primary Examiner(s)
PWU, JEFFREY C

Application Number

US09/755,027
Publication Number

US 20020133534A1
Time in Patent Office

2,178 Days
Field of Search

709/238, 709242-249, 709/227, 709/250, 709/223, 709/201, 709/205, 370/251, 370/252, 370/401, 370/329, 370/352, 370/390, 455/403, 455/461, 455/451
US Class Current

709/227
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/062   for key distribution, e.g. ...

H04L 63/104   Grouping of entities

H04L 63/164   at the network layer

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04W 12/04   Key management, e.g. using ...

H04W 36/0011   for data sessions of end-to...

H04W 36/0019   adapted for mobile IP [MIP]

H04W 40/246   Connectivity information di...

H04W 40/248   Connectivity information up...

H04W 40/26   for hybrid routing by combi...

H04W 40/36   due to handover

H04W 8/26   Network addressing or numbe...

H04W 80/04   Network layer protocols, e....

Extranet workgroup formation across multiple mobile virtual private networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

277 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Extranet workgroup formation across multiple mobile virtual private networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

277 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links