Methods and apparatus for efficient VPN server interface, address allocation, and signaling with a local addressing domain

US 7,366,182 B2
Filed: 08/13/2004
Issued: 04/29/2008
Est. Priority Date: 08/13/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A communications method for use in a communications system including first and second addressing domains, a first set of addresses corresponding to the first addressing domain, a second set of addresses corresponding to the second addressing domain, the first addressing domain including a first node, said first node including a plurality of interfaces, said second addressing domain including a second node, a virtual private network (VPN) coupling said first and second nodes, an upstream VPN interface identifier that identifies an interface at said first node through which packets to be communicated over said VPN are forwarded to the second node, the method comprising:

operating the first node to receive from said second node address delegation information indicating at least one delegated address from said second set of addresses which said first node can assign;

operating the first node, in response to receiving said address delegation information from the second node, to install a forwarding entry, said forwarding entry associating a first node downstream interface with the first node upstream interface identified by said upstream VPN interface identifier; and

operating the first node to receive a first packet including a source address having the value of the delegated address and information associating the source address with the second node, said first node selecting as a function of said information associating the source address with the second node which one of a plurality of forwarding entries to use in determining an upstream VPN interface to be used to forward said received first packet.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to communications systems and, more particularly, to methods and apparatus for efficient address delegation and/or assignment and/or signaling in a virtual communications network, e.g., a network supporting virtual private networks (VPNs) and one or more addressing domains. The methods are well suited for systems such as mobile communications systems, where the number of mobile nodes in each of a plurality of visited domains can change on a relatively rapid time scale, so rendering static address delegation from the home to each visited domain highly inefficient. Address delegation may be undertaken in advance of address assignment requests from a visiting mobile node, or address delegation may be triggered by the address assignment request. Information update messages keep the home domain aware of the assignment status of its delegated addresses and can specifically trigger further delegations so that a number of unassigned delegated addresses is maintained.

82 Citations

View as Search Results

33 Claims

1. A communications method for use in a communications system including first and second addressing domains, a first set of addresses corresponding to the first addressing domain, a second set of addresses corresponding to the second addressing domain, the first addressing domain including a first node, said first node including a plurality of interfaces, said second addressing domain including a second node, a virtual private network (VPN) coupling said first and second nodes, an upstream VPN interface identifier that identifies an interface at said first node through which packets to be communicated over said VPN are forwarded to the second node, the method comprising:
- operating the first node to receive from said second node address delegation information indicating at least one delegated address from said second set of addresses which said first node can assign;
  
  operating the first node, in response to receiving said address delegation information from the second node, to install a forwarding entry, said forwarding entry associating a first node downstream interface with the first node upstream interface identified by said upstream VPN interface identifier; and
  
  operating the first node to receive a first packet including a source address having the value of the delegated address and information associating the source address with the second node, said first node selecting as a function of said information associating the source address with the second node which one of a plurality of forwarding entries to use in determining an upstream VPN interface to be used to forward said received first packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, further comprising:
    - operating the first node to receive a second packet including a source address having the value of the delegated address and information associating the source address with another node that is different to the second node, said first node selecting a different one of the plurality of forwarding entries to use in determining an upstream VPN interface to be used to forward said received second packet to said another node.
  - 3. The method of claim 1, further including:
    - operating the first node to forward the first packet received over the first downstream interface over the upstream VPN interface determined using the selected forwarding entry.
  - 4. The method of claim 1, wherein the second packet is received over a second downstream interface, said first or second downstream interface being determined by information included with a received packet, said information including network identifiers including one of:
    - an MPLS (Multi Protocol Label Switching) label, a virtual circuit identifier, a frame source address and a frame destination address, the method further comprising;
      
      operating said first node to determine from said information included with a received packet a subset of forwarding entries at the first node associated with the second domain.
  - 5. The communications method of claim 1, wherein said communication system further includes a third node located in said first address domain, the third node being coupled to said first node, the method further comprising:
    - operating the third node to transmit an address assignment request message to said first node, said address assignment request message including a second domain identifier, said address assignment request message requesting assignment of an address corresponding to said second domain; and
      
      operating the first node to send an address delegation request message to the second domain in response to the reception of the address assignment request message.
  - 6. The communications method of claim 5, wherein said address assignment request message further includes address assignment property information indicating a property of the third node, said property information including one of:
    - authentication information for the purpose of authenticating the third node to the first or second node, the service class of the third node indicating the services provided to the third node, an address category indicator selecting between subsets of addresses such as public, private IPv4 and IPv6 addresses.
  - 7. The communications method of claim 6, wherein said first node includes in said address delegation request message constraint information obtained from said address assignment request message, said constraint information indicating a property of the third node, the method further comprising:
    - operating the second node to determine if the property of the third node indicated in said address delegation request message satisfies an address delegation constraint.
  - 8. The communications method of claim 7, wherein said second node declines to delegate an address when the second node determines an address delegation constraint is not satisfied.
  - 9. The communications method of claim 1, wherein said system further includes a third node in said first domain coupled to said first node, the method further comprising:
    - operating said first node to receive an address assignment request message from said third node, said address assignment request message including a second domain identifier which identifies said second domain;
      
      operating the first node to identify an unassigned delegated address corresponding to said second domain identifier; and
      
      operating the first node to assign the identified address corresponding to said second domain identifier to said third node in an address assignment message.
  - 10. The communication method of claim 9, further comprising:
    - operating the first node to transmit an address assignment information update message to said second node that includes update information about a delegated address, said update message further including assignment information about the third node that has been assigned said delegated address, said information including one of a third node identifier used to identify the third node to the second domain, information indicating a topological location of the third node in the first domain, and information indicating a geographical location of the third node in the first domain.
  - 11. The communication method of claim 1, further comprising:
    - operating the first node to transmit an address delegation state synchronization message to said second node including at least one of;
      
      the time that the first node last restarted, the amount of time that has elapsed since the first node last restarted, address delegation state synchronization information at the first node, a request for the second node to report the time that the second node last restarted, a request for the second node to report, to the first node, information indicating the amount of time that has elapsed since the second node last restarted, and a request for the second node to report the address delegation state synchronization information at the second node.
  - 12. The method of claim 1, wherein the selected forwarding entry associated with the first received packet further indicates that the source address of a received packet arriving on the first downstream interface is to be checked against the list of delegated addresses from the second node, the method further comprising:
    - operating the first node to drop a received packet when a source address in the received packet is different from any of the addresses included in the list of delegated addresses from the second node.
  - 13. The communications method of claim 1, wherein said communication system further includes a third node located in said first address domain, the third node being coupled to said first node, the method further comprising:
    - operating the first node to drop a received packet including the delegated address when said address is unassigned to said third node.
  - 14. The method of claim 1, wherein said communication system further includes a third node located in said first address domain, the third node being coupled to said first node, wherein the third node has a topological location in the first domain, said topological location being identified by an address assigned by an access node to which the third node is coupled, and wherein said forwarding entry includes the topological location of the third node that has been assigned said delegated address, the method further comprising:
    - operating the first node to receive a packet including a source address having the value of the delegated address and information associating the source address with the second node, the received packet further including the topological location of the packet originator; and
      
      operating the first node to drop said received packet if the location in the received packet is different from that included in said forwarding entry.
  - 15. The method of claim 1, wherein there is a predetermined relationship between the information in a received packet associating the source address of the received packet with the second node, and a value used as said upstream VPN interface identifier for forwarding to the second node.
  - 16. The method of claim 1, wherein said communication system further includes a third node located in said first address domain, the third node being coupled to said first node, the method further including:
    - operating the first node to assign to said third node an address delegated from the second node; and
      
      operating the first node to transmit an address assignment response message to the third node including said assigned address and said information that associates the source address of said packet with the second node.
  - 17. The method of claim 1, wherein said information that associates the source address of said packet with the second node is a multiplexing identifier used to distinguish a packet associated with the second node within an aggregate of IP packets being received at the first node.
  - 18. The method of claim 1, wherein said information that associates the source address of said packet with the second node is a multiplexing identifier used to distinguish a packet associated with a specific address category at the second node within an aggregate of IP packets being received at the first node.
  - 19. The method of claim 1, wherein said information that associates the source address of said packet with the second node is a destination address of the received packet that is an address of the first node that is used only in packets to be directed to the second node.
  - 20. The communications method of claim 1, further comprising:
    - operating the first node to transmit to said second node an address delegation request message requesting delegation of at least one address included in said second set of addresses, said second node transmitting said address delegation information message in response to reception of said address delegation request message.
  - 21. The communications method of claim 20, wherein said system further includes a third node in said first domain coupled to said first node, said third node storing information on a property of the third node, the method further comprising:
    - operating said first node to include in said address delegation request message, constraint information indicating a constraint that is associated with a property of said third node, said constraint being required by said first node to be satisfied before said first node assigns the address to the third node, said address being delegated in response to said address delegation request message.
  - 22. The method of claim 21, wherein the constraint information includes one of:
    - an identifier for the third node that was allocated by the second domain, authentication information for the purpose of authenticating the third node to the second node, the service class of the third node indicating the services provided to the third node.
  - 23. The method of claim 21, wherein the constraint information includes one of:
    - an address category indicator that identifies a sub-set of addresses at the second node and the topological location of the first node in the first domain, said topological location being an address assigned to the third node by an access node to which the third node is coupled.
  - 24. The communication method of claim 1, further comprising:
    - operating the first node to transmit a delegated address information update message to said second node, said update message including information on the status of the delegated addresses at the first node, said information including one of;
      
      a number indicating the total unallocated second domain addresses which were delegated to said first node, a number indicating the total unallocated second domain addresses which were delegated to said first node by said second node, a number indicating the total allocated second domain addresses which were delegated to said first node, and a number indicating the total allocated second domain addresses which were delegated to said first node by said second node.
  - 25. The communications method of claim 1, wherein said communication system further includes a third node located in said first address domain, the third node being coupled to said first node, wherein said address delegation information received from said second node indicates address assignment constraint information which is to be satisfied when said first node assigns an address indicated in said address delegation information to the third node.
  - 26. The method of claim 25, wherein the constraint information includes one of:
    - an identifier for the third node that was allocated, by the second domain, the service class of the third node indicating the services provided to the third node, an address category indicator identifying specific subsets of addresses delegated to the first node by the second node, and the topological location of the first node in the first domain.
  - 27. The communication method of claim 25, further comprising:
    - operating the first node to transmit a delegated address information update message to said second node, said update message including information on the status of the delegated addresses at the first node, said information including;
      
      a number of allocated second domain addresses. which are subject to a particular address allocation constraint and a number of unallocated second domain addresses which are subject to a particular address allocation constraint.

28. A communications system comprising:
- a first addressing domain and a second addressing domain, a first set of addresses corresponding to the first addressing domain, a second set of addresses corresponding to the second addressing domain, the first addressing domain including a first node, said first node including a plurality of interfaces, said second addressing domain including a second node, a virtual private network (VPN) coupling said first and second nodes, an upstream VPN interface identifier that identifies an interface at said first node through which packets to be communicated over said VPN are forwarded to the second node;
  
  wherein the first node includes;
  
  means for receiving from said second node address delegation information indicating at least one delegated address from said second set of addresses which said first node can assign;
  
  means for, in response to receiving said address delegation information from the second node, installing a forwarding entry, said forwarding entry associating a first node downstream interface with the first node upstream interface identified by said upstream VPN interface identifier;
  
  means for receiving a first packet including a source address having the value of the delegated address and information associating the source address with the second node; and
  
  means for selecting as a function of said information associating the source address with the second node which one of a plurality of forwarding entries to use in determining anupstream VPN interface to be used to forward said received first packet.

29. A computer readable medium embodying machine executable instructions for controlling a communications device to implement a method in a communication system, the communication system including first and second addressing domains, a first set of addresses corresponding to the first addressing domain, a second set of addresses corresponding to the second addressing domain, the first addressing domain including a first node, said first node including a plurality of interfaces, said second addressing domain including a second node, a Virtual Private Network coupling said first and second nodes, an upstream virtual private network (VPN) interface identifier that identifies an interface at said first node through which packets to be communicated over said VPN are forwarded to the second node, the method comprising:
- operating the first node to receive from said second node address delegation information indicating at least one delegated address from said second set of addresses which said first node can assign;
  
  operating the first node, in response to receiving said address delegation information from the second node, to install a forwarding entry, said forwarding entry associating a first node downstream interface with the first node upstream interface identified by said upstream VPN interface identifier; and
  
  operating the first node to receive a first packet including a source address having the value of the delegated address and information associating the source address with the second node, said first node selecting as a function of said information associating the source address with the second node which one of a plurality of forwarding entries to use in determining an upstream VPN interface to be used to forward said received first packet.
- View Dependent Claims (30, 31)
- - 30. The computer readable medium of claim 29, wherein the method further comprises:
    - operating the first node to receive a second packet including a source address having the value of the delegated address and information associating the source address with another node that is different to the second node, said first node selecting a different one of the plurality of forwarding entries to use in determining an upstream VPN interface to be used to forward said received second packet to said another node.
  - 31. The computer readable medium of claim 29, wherein the method further comprises:
    - operating the first node to forward the first packet received over the first downstream interface over the upstream VPN interface determined using the selected forwarding entry.

32. A processor configured to control a communications device to implement a method in a communication system, the communication system including first and second addressing domains, a first set of addresses corresponding to the first addressing domain, a second set of addresses corresponding to the second addressing domain, the first addressing domain including a first node, said first node including a plurality of interfaces, said second addressing domain including a second node, a virtual private network (VPN) coupling said first and second nodes, an upstream VPN interface identifier that identifies an interface at said first node through which packets to be communicated over said VPN are forwarded to the second node, the method comprising:
- operating the first node to receive from said second node address delegation information indicating at least one delegated address from said second set of addresses which said first node can assign;
  
  operating the first node, in response to receiving said address delegation information from the second node, to install a forwarding entry, said forwarding entry associating a first node downstream interface with the first node upstream interface identified by said upstream VPN interface identifier; and
  
  operating the first node to receive a first packet including a source address having the value of the delegated address and information associating the source address with the second node, said first node selecting as a function of said information associating the source address with the second node which one of a plurality of forwarding entries to use in determining an upstream VPN interface to be used to forward said received first packet.

33. A first node for use in a communications system including a first addressing domain and a second addressing domain, a first set of addresses corresponding to the first addressing domain, a second set of addresses corresponding to the second addressing domain, the first addressing domain including said first node, said first node including a plurality of interfaces, said second addressing domain including a second node, a virtual private network coupling said first and second nodes, an upstream Virtual Private Network (VPN) interface identifier that identifies an interface at said first node through which packets to be communicated over said VPN are forwarded to the second node, the first node comprising:
- an address delegation module for processing address delegation information received from said second node, address delegation information indicating at least one delegated address from said second set of addresses which said first node can assign;
  
  a management module for managing a forwarding entry, said forwarding entry associating a first node downstream interface with the first node upstream interface identified by said upstream VPN interface identifier;
  
  an input interface for receiving a first packet including a source address having the value of the delegated address and information associating the source address with the second node; and
  
  a forwarding module for selecting as a function of said information associating the source address with the second node which one of a plurality of forwarding entries to use in determining an upstream VPN interface to be used to forward said received first packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
O'Neill, Alan
Primary Examiner(s)
Kizou; Hassan
Assistant Examiner(s)
Moutaouakil; Mounir

Application Number

US10/918,262
Publication Number

US 20060034297A1
Time in Patent Office

1,355 Days
Field of Search

370/254, 370/389, 370/392, 370/395.53, 370/395.5, 370/395.31, 370/400, 370/428, 726/15
US Class Current

370/395.53
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5069   for group communication, mu...

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

H04W 80/04   Network layer protocols, e....

Methods and apparatus for efficient VPN server interface, address allocation, and signaling with a local addressing domain

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for efficient VPN server interface, address allocation, and signaling with a local addressing domain

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links