Techniques for zero touch provisioning of edge nodes for a virtual private network by pushing configuration from a server

US 7,420,933 B2
Filed: 06/02/2005
Issued: 09/02/2008
Est. Priority Date: 02/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising the steps of:

storing configuration data at a server on a host computer on a provider network,determining without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node; and

if it is determined that conditions are satisfied for sending the configuration data, then sending the configuration data to the particular node to cause the particular node to configure a particular interface without human intervention for a particular virtual private network over the provider network based on the configuration data,wherein;

the provider network is a packet-switched network;

the particular virtual private network is a link layer virtual private network;

the particular node is different from the host; and

the particular interface is for a direct communication link to a customer network node outside the provider network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular interface for supporting a virtual private network over the provider network based on the configuration data. The particular node is different from the host. These techniques allow changes in configuration data to be pushed to provider edge nodes without human intervention.

Citations

27 Claims

1. A method for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising the steps of:
- storing configuration data at a server on a host computer on a provider network,determining without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node; and
  
  if it is determined that conditions are satisfied for sending the configuration data, then sending the configuration data to the particular node to cause the particular node to configure a particular interface without human intervention for a particular virtual private network over the provider network based on the configuration data,wherein;
  
  the provider network is a packet-switched network;
  
  the particular virtual private network is a link layer virtual private network;
  
  the particular node is different from the host; and
  
  the particular interface is for a direct communication link to a customer network node outside the provider network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as recited in claim 1, wherein the particular interface is a virtual circuit of a plurality of virtual circuits on the same physical circuit.
  - 3. A method as recited in claim 1, wherein the particular interface is a physical circuit.
  - 4. A method as recited in claim 1, wherein the configuration data sent to the particular node is less than all configuration data for provisioning all interfaces on the particular node.
  - 5. A method as recited in claim 1, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a change is made to a parameter that describes a level of service on a tunnel from the particular node to another edge node at an edge of the provider network.
  - 6. A method as recited in claim 1, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a different edge node at an edge of the provider network, which is different from the particular node, has been added or removed from the particular virtual private network.
  - 7. A method as recited in claim 1, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a simple network management protocol (SNMP) set command is received at the server.
  - 8. A method as recited in claim 1, wherein the server is a Remote Authentication Dial In User Service (RADIUS) Server.
  - 9. A method as recited in claim 8, said step of sending the configuration data further comprises sending a RADIUS change of authorization request that includes a RADIUS attribute for a virtual private network identification that indicates the particular virtual private network on the provider network.
  - 10. A method as recited in claim 8, said step of sending the configuration data further comprises sending a RADIUS change of authorization request that includes a RADIUS attribute for an attachment identification that indicates both an identification for the particular virtual private network to which the particular interface belongs and an interface identification that uniquely indicates the particular interface among interfaces that belong to the particular virtual private network.
  - 11. A method as recited in claim 8, wherein the configuration data includes a RADIUS attribute for a different node on the edge of the provider network that is different from the particular node and that is included in the particular virtual private network.
  - 12. A method as recited in claim 8, wherein the configuration data includes a RADIUS attribute for a tunnel from the particular node to a different node on the edge of the provider network.
  - 13. A method as recited in claim 1, wherein the server is a Simple Network Management Protocol (SNMP) Server.

14. An apparatus for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising the steps of:
- means for storing configuration data at a server on a host computer on a provider network,means for determining without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node; and
  
  means for sending the configuration data to the particular node to cause the particular node to configure a particular interface without human intervention for a particular virtual private network over the provider network based on the configuration data, if it is determined that conditions are satisfied for sending the configuration data,wherein;
  
  the provider network is a packet-switched network;
  
  the particular virtual private network is a link layer virtual private network;
  
  the particular node is different from the host; and
  
  the particular interface is for a direct communication link to a customer network node outside the provider network.

15. An apparatus for configuring a network interface on an intermediate network node at an edge of a provider network to support a virtual private network, comprising:
- a network interface that is coupled to a provider network for communicating therewith a data packet;
  
  one or more processors;
  
  a computer-readable medium; and
  
  one or more sequences of instructions stored in the computer-readable medium, which, when executed by the one or more processors, causes the one or more processors to carry out the step of;
  
  storing configuration data on the computer-readable medium;
  
  determining without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node; and
  
  if it is determined that conditions are satisfied for sending the configuration data, then sending the configuration data to the different node to cause the different node to configure a particular interface without human intervention for a particular virtual private network over the provider network based on the configuration data,wherein;
  
  the provider network is a packet-switched network;
  
  the particular virtual private network is a link layer virtual private network; and
  
  the particular interface is for a direct communication link to a customer network node outside the provider network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 16. An apparatus as recited in claim 15, wherein the particular interface is a virtual circuit of a plurality of virtual circuits on the same physical circuit.
  - 17. An apparatus as recited in claim 15, wherein the particular interface is a physical circuit.
  - 18. An apparatus as recited in claim 15, wherein the configuration data sent to the particular node is less than all configuration data for provisioning all interfaces on the particular node.
  - 19. An apparatus as recited in claim 15, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a change is made to a parameter that describes a level of service on a tunnel from the particular node to another edge node at an edge of the provider network.
  - 20. An apparatus as recited in claim 15, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a different edge node at an edge of the provider network, which is different from the particular node, has been added to the particular virtual private network or removed from the particular virtual private network.
  - 21. An apparatus as recited in claim 15, said step of determining whether conditions are satisfied for sending the configuration data further comprising determining whether a simple network management protocol (SNMP) set command is received.
  - 22. An apparatus as recited in claim 15, wherein execution of the one or more sequences of instructions further causes the one or more processors to performs functions of a Remote Authentication Dial In User Service (RADIUS) Server.
  - 23. An apparatus as recited in claim 22, said step of sending the configuration data further comprises sending a RADIUS change of authorization request that includes a RADIUS attribute for a virtual private network identification that indicates the particular virtual private network on the provider network.
  - 24. An apparatus as recited in claim 22, said step of sending the configuration data further comprises sending a RADIUS change of authorization request that includes a RADIUS attribute for an attachment identification that indicates both an identification for the particular virtual private network to which the particular interface belongs and an interface identification that uniquely indicates the particular interface among interfaces that belong to the particular virtual private network.
  - 25. An apparatus as recited in claim 22, wherein the configuration data includes a RADIUS attribute for a different node on the edge of the provider network that is different from the particular node and that is included in the particular virtual private network.
  - 26. An apparatus as recited in claim 22, wherein the configuration data includes a RADIUS attribute for a tunnel from the particular node to a different node on the edge of the provider network.
  - 27. An apparatus as recited in claim 15, wherein execution of the one or more sequences of instructions further causes the one or more processors to performs functions of a Simple Network Management Protocol (SNMP) Server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Luo, Wei, Townsley, William Mark, Booth, Earl Hardin III, Weber, Greg
Primary Examiner(s)
Nguyen; Chau T.
Assistant Examiner(s)
SMITH, MARCUS

Application Number

US11/143,546
Publication Number

US 20060187854A1
Time in Patent Office

1,188 Days
Field of Search

None
US Class Current

370/254
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4691   GVRP [GARP VLAN registratio...

H04L 41/08   Configuration management of...

H04L 41/0806   for initial configuration o...

H04L 41/0843   based on generic templates

H04L 41/0889   Techniques to speed-up the ...

H04L 41/0895   Configuration of virtualise...

H04L 43/0811   by checking connectivity

Techniques for zero touch provisioning of edge nodes for a virtual private network by pushing configuration from a server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for zero touch provisioning of edge nodes for a virtual private network by pushing configuration from a server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links