Virtual private data network session count limitation
Abstract
A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of VPN sessions to provide the group of users at the PoP and a dynamic VPN session count corresponding to active VPN sessions currently provided to the group of users at the PoP. The central database contains a maximum number of VPN sessions to provide the group of users over the entire data communications network and a dynamic network-wide VPN session count corresponding to active VPN sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.
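The admission check the abstract describes, written out as an added Python example (it is not part of the patent text). The class and field names, the single lock standing in for database transactions, and the `deny`/`charge` policy switch are assumptions made for illustration.

```python
import threading
from dataclasses import dataclass


@dataclass
class Quota:
    max_sessions: int  # maximum sessions for the group in this scope
    tolerance: int     # the "predetermined number" the maximum may be exceeded by
    active: int = 0    # dynamic count of currently active sessions

    def over(self) -> bool:
        """True if one more session exceeds the maximum by more than the tolerance."""
        return self.active + 1 > self.max_sessions + self.tolerance


class SessionLimiter:
    def __init__(self, central, local, on_excess="deny"):
        self.central = central         # {group: Quota}, network-wide
        self.local = local             # {pop: {group: Quota}}, one table per PoP
        self.on_excess = on_excess     # "deny" or "charge" (assumed policy switch)
        self.warnings = []             # stand-in for warning messages to recipients
        self._lock = threading.Lock()  # check and increment must be one atomic step

    def start(self, pop, group):
        with self._lock:
            scopes = [("pop", self.local[pop][group]), ("network", self.central[group])]
            exceeded = tuple(name for name, q in scopes if q.over())
            if exceeded:
                self.warnings.append((group, pop, exceeded))
                if self.on_excess == "deny":
                    return "deny"      # counts stay unchanged for a rejected attempt
            for _, q in scopes:
                q.active += 1
            return "charge" if exceeded else "allow"

    def stop(self, pop, group):
        with self._lock:
            for q in (self.local[pop][group], self.central[group]):
                q.active = max(0, q.active - 1)  # never drift below zero


def demo():
    # Constructed sample: 2 sessions per PoP, 3 network-wide, tolerance 0.
    g = "corp.example"
    lim = SessionLimiter({g: Quota(3, 0)},
                         {"pop-a": {g: Quota(2, 0)}, "pop-b": {g: Quota(2, 0)}})
    out = [lim.start(p, g) for p in ("pop-a", "pop-a", "pop-a", "pop-b", "pop-b")]
    lim.stop("pop-a", g)               # a freed slot makes room network-wide
    out.append(lim.start("pop-b", g))
    return out, lim.warnings
```

Holding the lock across both the comparison and the increment is what keeps two simultaneous attempts from both passing the check against the same count.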
30 Claims
1. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
- maintaining a central database including group identifications, corresponding maximum numbers of VPN sessions for each group, and corresponding network-wide VPN session counts for each group;
- responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the central database to determine if the user's VPN session would exceed by a predetermined number said corresponding maximum number of VPN sessions associated with said particular group.

2. A local database checker associated with a particular PoP of a data communications network, the local database checker comprising:
- a network interface for interfacing with the data communications network; and
- at least one computing device coupled to the network interface and configured to, in response to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group, check a local database associated with the PoP to determine if the user's VPN session would exceed by a predetermined number the corresponding maximum number of VPN sessions associated with the particular group at the PoP, the local database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP.

Dependent claims: 3, 4, 5

6. A VPN session limiter associated with a particular PoP of a data communications network, the VPN session limiter comprising:
- a network interface for interfacing with the data communications network; and
- at least one computing device coupled to the network interface and configured to, in response to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group;
- check a local database to determine if the user's VPN session would exceed by a first predetermined number the corresponding maximum number of VPN sessions associated with the particular group at the PoP; and
- check the local database to determine if the user's VPN session would exceed by a second predetermined number the corresponding maximum number of VPN sessions associated with the particular group on the data communications network, the local database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP.

Dependent claims: 7, 8, 9

10. A network node associated with a particular PoP of a data communications network, the network node comprising:
- a VPN start event publisher configured to publish VPN start events corresponding to a user's group to other subscribing PoPs in response to allowing the user's VPN session; and
- a data communications network current VPN session count incrementer associated with a local database and the user's group and responsive to the user's VPN session being allowed, the local database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP.

11. A network node associated with a particular PoP of a data communications network, the network node comprising:
- a VPN start event publisher configured to publish VPN start events corresponding to a user's group to other subscribing PoPs in response to allowing the user's VPN session;
- a data communications network current VPN session count incrementer associated with a local database and the user's group and responsive to allowing the user's VPN session, the local database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
- a VPN session count decrementer associated with the local database and a user's group and responsive to terminating the user's VPN session;
- a VPN stop event publisher configured to publish VPN stop events corresponding to a user's group to other subscribing PoPs in response to terminating the user's VPN session; and
- a data communications network current VPN session count decrementer associated with the local database and the user's group and responsive to terminating the user's VPN session.

12. An apparatus for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, the apparatus comprising:
- means for maintaining a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;
- means for maintaining a local database associated with a particular PoP of the data communications network, the database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
- means for responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the central database to determine if the user's VPN session would exceed by a first predetermined number the corresponding network-wide maximum number of VPN sessions associated with the particular group;
- means for rejecting the user's attempt to initiate a VPN session if the user's log in would exceed by the first predetermined number the corresponding network-wide maximum number of VPN sessions associated with the particular group;
- means for responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a second predetermined number the corresponding maximum number of VPN sessions associated with the particular group at the PoP; and
- means for rejecting the user's attempt to initiate a VPN session if the user's VPN session would exceed by a second predetermined number the corresponding maximum number of VPN sessions associated with the particular group.

Dependent claims: 13, 14, 15, 16, 17

18. An apparatus for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, the apparatus comprising:
- means for maintaining a local database associated with a particular PoP of the data communications network, the database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network; and
- means for responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a first predetermined number the corresponding maximum number of VPN sessions associated with the particular group at the PoP and checking the local database to determine if the user's VPN session would exceed by a second predetermined number the corresponding maximum number of VPN sessions associated with the particular group on the data communications network.

Dependent claims: 19, 20, 21

22. An apparatus for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, the apparatus comprising:
- means for maintaining a local database associated with a particular PoP of the data communications network, the database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network;
- means for responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a first predetermined number the corresponding maximum number of VPN sessions associated with the particular group at the PoP and checking the local database to determine if the user's VPN session would exceed by a second predetermined number the corresponding maximum number of VPN sessions associated with the particular group on the data communications network;
- means for rejecting the user's attempt to initiate a VPN session if the user's VPN session would exceed by a first predetermined number the corresponding maximum number of VPN sessions associated with the particular group at the PoP or would exceed by a second predetermined number the corresponding maximum number of VPN sessions associated with the particular group on the data communications network;
- means for allowing the user's VPN session if it is not rejected;
- means for incrementing a VPN session count associated with the user's group at the local database in response to allowing the user's VPN session;
- publishing a VPN start event corresponding to the user's group to other subscribing PoPs in response to allowing the user's VPN session; and
- means for incrementing a data communications network current VPN session count associated with the user's group at the local database in response to allowing the user's VPN session.

Dependent claims: 23, 24, 25

26. An apparatus for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, the apparatus comprising:
- means for maintaining a local database associated with a particular PoP of the data communications network, the database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP; and
- means for responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a predetermined number the corresponding maximum number of VPN sessions associated with the particular group at the PoP.

Dependent claims: 27, 28, 29, 30