System and method for managing interworking communications protocols

US 7,574,495 B1
Filed: 09/13/2000
Issued: 08/11/2009
Est. Priority Date: 09/13/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A computerized method for managing interworking protocols comprising the following computer-implemented steps:

reading a predetermined policy definition from a computer-readable media;

a service management system (SMS), operable to automatically configure and control operation of service processing switches, communicatively coupled with a plurality of service processing switches of a service provider, provisioning a first interface of a first service processing switch of the plurality of service processing switches, the first interface associated with a first site of a subscriber of a service provider based upon parameters provided from the predetermined policy definition, said first interface configured to communicate data in accordance with a first protocol, the parameters including a window size, a window timeout, a number of allowed bad events, an event window size and a keep-alive interval;

the SMS provisioning a transport network to provide a transport between the first interface and a second interface of a second service processing switch associated with a second site of the subscriber, the transport network communicating in accordance with a second protocol;

the SMS provisioning a second interface of the second service processing switch, said second interface configured to communicate data in accordance with the first protocol;

the SMS creating a first-protocol-over-second-protocol (FPoSP) Virtual Private Network (VPN) including a first virtual router (VR) corresponding to the first interface and a second VR corresponding to the second interface;

the SMS provisioning a private virtual circuit (PVC) between the first service processing switch and the second service processing switch with the transport network; and

the first service processing switch and the second service processing switch securely communicating data between the first site and the second site via the PVC by encapsulating header and payload information of the first protocol within protocol data units (PDUs) of the second protocol and encrypting and authenticating PDUs exchanged between the first service processing switch and the second service processing switch.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized method for managing interworking protocols applies policies that aid in provisioning a first interface, having a first protocol, a transport network having a second protocol, a virtual circuit within the transport network; and a second interface, having the same protocol as the first.

142 Citations

View as Search Results

42 Claims

1. A computerized method for managing interworking protocols comprising the following computer-implemented steps:
- reading a predetermined policy definition from a computer-readable media;
  
  a service management system (SMS), operable to automatically configure and control operation of service processing switches, communicatively coupled with a plurality of service processing switches of a service provider, provisioning a first interface of a first service processing switch of the plurality of service processing switches, the first interface associated with a first site of a subscriber of a service provider based upon parameters provided from the predetermined policy definition, said first interface configured to communicate data in accordance with a first protocol, the parameters including a window size, a window timeout, a number of allowed bad events, an event window size and a keep-alive interval;
  
  the SMS provisioning a transport network to provide a transport between the first interface and a second interface of a second service processing switch associated with a second site of the subscriber, the transport network communicating in accordance with a second protocol;
  
  the SMS provisioning a second interface of the second service processing switch, said second interface configured to communicate data in accordance with the first protocol;
  
  the SMS creating a first-protocol-over-second-protocol (FPoSP) Virtual Private Network (VPN) including a first virtual router (VR) corresponding to the first interface and a second VR corresponding to the second interface;
  
  the SMS provisioning a private virtual circuit (PVC) between the first service processing switch and the second service processing switch with the transport network; and
  
  the first service processing switch and the second service processing switch securely communicating data between the first site and the second site via the PVC by encapsulating header and payload information of the first protocol within protocol data units (PDUs) of the second protocol and encrypting and authenticating PDUs exchanged between the first service processing switch and the second service processing switch.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computerized method of claim 1, wherein the first protocol comprises a frame relay protocol.
  - 3. The computerized method of claim 1, wherein the second protocol comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
  - 4. The computerized method of claim 1, wherein the second protocol comprises an Internet Protocol Security (IPSec) protocol.
  - 5. The computerized method of claim 1, wherein the first protocol comprises an Asynchronous Transfer Mode (ATM) protocol.
  - 6. The computerized method of claim 1, wherein said provisioning a transport network utilizes the parameters from the predetermined policy definition.
  - 7. The computerized method of claim 1, wherein said provisioning a PVC utilizes the parameters from the predetermined policy definition.
  - 8. The computerized method of claim 1, wherein said provisioning a second interface utilizes the parameters from the predetermined policy definition.

9. A service processing system comprising:
- a first service processing switch including a plurality of processing elements;
  
  a second service processing switch including a plurality of processing elements;
  
  a service management system (SMS), operable to automatically configure and control operation of service processing switches, of a service provider communicably coupled to the first service processing switch and the second service processing switch and operable to;
  
  read a predetermined policy definition from a computer-readable media;
  
  provision a first interface of the first service processing switch, the first interface associated with a first site of a subscriber of the service provider, said provisioning using parameters provided from the predetermined policy definition, said first interface configured to communicate data in accordance with a first protocol, the parameters including a window size, a window timeout, a number of allowed bad events, an event window size and a keep-alive interval;
  
  provision a second interface of the second service processing switch, the second interface associated with a second site of the subscriber, said second interface configured to communicate data in accordance with the first protocol;
  
  create a first-protocol-over-second-protocol (FPoSP) Virtual Private Network (VPN) including a first virtual router (VR) corresponding to the first interface and a second VR corresponding to the second interface;
  
  provision a private virtual circuit (PVC) between the first service processing switch and the second service processing switch with a transport network communicating in accordance with a second protocol; and
  
  wherein the first service processing switch and the second service processing switch securely communicate data between the first site and the second site via the PVC by encapsulating header and payload information of the first protocol within protocol data units (PDUs) of the second protocol and encrypting and authenticating PDUs exchanged between the first service processing switch and the second service processing switch.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The service processing system of claim 9, wherein the first protocol comprises a frame relay protocol.
  - 11. The service processing system of claim 9, wherein the second protocol comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
  - 12. The service processing system of claim 9, wherein the second protocol comprises an Internet Protocol Security (IPSec) protocol.
  - 13. The service processing system of claim 9, wherein the first protocol comprises an Asynchronous Transfer Mode (ATM) protocol.
  - 14. The service processing system of claim 9, wherein provisioning the transport network utilizes the parameters from the predetermined policy definition.
  - 15. The service processing system of claim 9, wherein provisioning the PVC utilizes the parameters from the predetermined policy definition.
  - 16. The service processing system of claim 9, wherein provisioning the second interface utilizes the parameters from the predetermined policy definition.

17. A method for managing interworking protocols comprising the following computer-implemented steps:
- responsive to receiving information regarding desired service parameters, including a window size, a window timeout, a number of allowed bad events, an event window size and a keep-alive interval from a predetermined policy definition, a service management system (SMS) of a service provider, which is operable to automatically configure and control operation of service processing switches, establishing a dedicated first-protocol-over-second-protocol (FPoSP) Virtual Private Network (VPN) for a subscriber of a plurality of subscribers of the service provider byprogrammatically establishing a first FPoSP virtual router (VR) on a first service processing switch residing within a first point of presence (POP) of a plurality of POPs of the service provider, the first VR associated with a first physical site of a plurality of physical sites of the subscriber, and configured to facilitate communication of data among the first physical site and other of the plurality of physical sites, wherein the first physical site and the first service processing switch exchange data in accordance with the first protocol,programmatically establishing a second FPoSP VR on second service processing switch residing within a second POP of the plurality of POPs, the second VR associated with a second physical site of the plurality of physical sites and configured to facilitate communication of data among the second physical site and other of the plurality of physical sites, wherein the second physical site and the second service processing switch exchange data in accordance with the first protocolprogrammatically establishing a third FPoSP VR on third service processing switch residing within a third POP of the plurality of POPs, the third VR associated with a third physical site of the plurality of physical sites and configured to facilitate communication of data among the third physical site and other of the plurality of physical sites, wherein the third physical site and the third service processing switch exchange data in accordance with the first protocol,programmatically forming connections between each of the first VR, the second VR and the third VR via a plurality of secure tunnels, andprogrammatically creating a transport between each of the first VR, the second VR and the third VR via a transport network interconnecting the first, second and third service processing switches via the second protocol; and
  
  establishing a Private Virtual Circuit (PVC) between the first service processing switch and the second service processing switch based on the service parameters, whereby a FPoSP connection is formed between the first service processing switch and the second service processing switch to enable secure FPoSP communications between the first physical site and the second physical site.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein the first protocol comprises a frame relay protocol.
  - 19. The method of claim 17, wherein the second protocol comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
  - 20. The method of claim 17, wherein the second protocol comprises an Internet Protocol Security (IPSec) protocol.
  - 21. The method of claim 17, wherein the first protocol comprises an Asynchronous Transfer Mode (ATM) protocol.

22. A computer-readable storage medium having stored thereon instructions, which when executed by one or more processors of a service management system (SMS) of a service provider that is operable to automatically configure and control operation of service processing switches, cause a method to be performed comprising the following computer-implemented steps:
- responsive to receiving information regarding desired service parameters, including a window size, a window timeout, a number of allowed bad events, an event window size and a keep-alive interval from a predetermined policy definition, a service management system (SMS) of a service provider establishing a dedicated first-protocol-over-second-protocol (FPoSP) Virtual Private Network (VPN) for a subscriber of a plurality of subscribers of the service provider byprogrammatically establishing a first FPoSP virtual router (VR) on a first service processing switch residing within a first point of presence (POP) of a plurality of POPs of the service provider, the first VR associated with a first physical site of a plurality of physical sites of the subscriber, and configured to facilitate communication of data among the first physical site and other of the plurality of physical sites, wherein the first physical site and the first service processing switch exchange data in accordance with the first protocol,programmatically establishing a second FPoSP VR on second service processing switch residing within a second POP of the plurality of POPs, the second VR associated with a second physical site of the plurality of physical sites and configured to facilitate communication of data among the second physical site and other of the plurality of physical sites, wherein the second physical site and the second service processing switch exchange data in accordance with the first protocolprogrammatically establishing a third FPoSP VR on third service processing switch residing within a third POP of the plurality of POPs, the third VR associated with a third physical site of the plurality of physical sites and configured to facilitate communication of data among the third physical site and other of the plurality of physical sites, wherein the third physical site and the third service processing switch exchange data in accordance with the first protocol,programmatically forming connections between each of the first VR, the second VR and the third VR via a plurality of secure tunnels, andprogrammatically creating a transport between each of the first VR, the second VR and the third VR via a transport network interconnecting the first, second and third service processing switches via the second protocol; and
  
  establishing a Private Virtual Circuit (PVC) between the first service processing switch and the second service processing switch based on the service parameters, whereby a FPoSP connection is formed between the first service processing switch and the second service processing switch to enable secure FPoSP communications between the first physical site and the second physical site.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The computer-readable storage medium of claim 22, wherein the first protocol comprises a frame relay protocol.
  - 24. The computer-readable storage medium of claim 22, wherein the second protocol comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
  - 25. The computer-readable storage medium of claim 22, wherein the second protocol comprises an Internet Protocol Security (IPSec) protocol.
  - 26. The computer-readable storage medium of claim 22, wherein the first protocol comprises an Asynchronous Transfer Mode (ATM) protocol.

27. A service processing system comprising:
- a first service processing means and a second service processing means, each including a plurality of processing elements for securely communicating data between a first site of a subscriber of a service provider and a second site of the subscriber; and
  
  a service management system (SMS), operable to automatically configure and control operation of service processing means communicably coupled to the first service processing means and the second service processing means forreading a predetermined policy definition from a computer-readable media;
  
  provisioning a first interface of the first service processing means, the first interface associated with the first site, said provisioning using parameters provided from the predetermined policy definition, said first interface configured to communicate data in accordance with a first protocol, the parameters including a window size, a window timeout, a number of allowed bad events, an event window size and a keep-alive interval;
  
  provisioning a second interface of the second service processing means, the second interface associated with the second site, said second interface configured to communicate data in accordance with the first protocol;
  
  creating a first-protocol-over-second-protocol (FPoSP) Virtual Private Network (VPN) including a first virtual router (VR) corresponding to the first interface and a second VR corresponding to the second interface;
  
  provisioning a private virtual circuit (PVC) between the first service processing means and the second service processing means with a transport network communicating in accordance with a second protocol; and
  
  wherein the first service processing means and the second service processing means securely communicate data between the first site and the second site via the PVC by encapsulating header and payload information of the first protocol within protocol data units (PDUs) of the second protocol and encrypting and authenticating PDUs exchanged between the first service processing means and the second service processing means.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. The service processing system of claim 27, wherein the first protocol comprises a frame relay protocol.
  - 29. The service processing system of claim 27, wherein the second protocol comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
  - 30. The service processing system of claim 27, wherein the second protocol comprises an Internet Protocol Security (IPSec) protocol.
  - 31. The service processing system of claim 27, wherein the first protocol comprises an Asynchronous Transfer Mode (ATM) protocol.
  - 32. The service processing system of claim 27, wherein provisioning the transport network utilizes the parameters from the predetermined policy definition.
  - 33. The service processing system of claim 27, wherein provisioning the PVC utilizes the parameters from the predetermined policy definition.
  - 34. The service processing system of claim 27, wherein provisioning the second interface utilizes the parameters from the predetermined policy definition.

35. A computer-readable storage medium having tangibly embodied thereon instructions, which when executed by one or more processors of a service management system (SMS) of a service provider that is automatically operable to configure and control operation of service processing switches, cause a method to be performed comprising the following computer-implemented steps:
- reading a predetermined policy definition;
  
  provisioning a first interface of a first service processing switch of a plurality of service processing switches with which the SMS is communicatively coupled, the first interface associated with a first site of a subscriber of the service provider based upon parameters provided from the predetermined policy definition, said interface configured to communicate data in accordance with a first protocol, the parameters including a window size, a window timeout, a number of allowed bad events, an event window size and a keep-alive interval;
  
  provisioning a transport network to provide a transport between the first interface and a second interface of a second service processing switch associated with a second site of the subscriber, the transport network communicating in accordance with a second protocol;
  
  provisioning a second interface of the second service processing switch, said second interface configured to communicate data in accordance with the first protocol;
  
  creating a first-protocol-over-second-protocol (FPoSP) Virtual Private Network (VPN) including a first virtual router (VR) corresponding to the first interface and a second VR corresponding to the second interface;
  
  provisioning a private virtual circuit (PVC) between the first service processing switch and the second service processing switch with the transport network; and
  
  causing the first service processing switch and the second service processing switch to securely communicate data between the first site and the second site via the PVC by encapsulating header and payload information of the first protocol within protocol data units (PDUs) of the second protocol and encrypting and authenticating PDUs exchanged between the first service processing switch and the second service processing switch.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42)
- - 36. The computer-readable storage medium of claim 35, wherein the first protocol comprises a frame relay protocol.
  - 37. The computer-readable storage medium of claim 35, wherein the second protocol comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
  - 38. The computer-readable storage medium of claim 35, wherein the second protocol comprises an Internet Protocol Security (IPSec) protocol.
  - 39. The computer-readable storage medium of claim 35, wherein the first protocol comprises an Asynchronous Transfer Mode (ATM) protocol.
  - 40. The computer-readable storage medium of claim 35, wherein said provisioning a transport network utilizes the parameters from the predetermined policy definition.
  - 41. The computer-readable storage medium of claim 35, wherein said provisioning a PVC utilizes the parameters from the predetermined policy definition.
  - 42. The computer-readable storage medium of claim 35, wherein said provisioning a second interface utilizes the parameters from the predetermined policy definition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Rajagopalan, Nara
Primary Examiner(s)
Lin; Wen-Tai

Application Number

US09/663,457
Time in Patent Office

3,254 Days
Field of Search

709/200, 709/230, 370/469, 370/467, 370/466, 370/465, 370/464, 370/395.52, 370/395.61, 370/389
US Class Current

709/223
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

H04L 69/18 Multiprotocol handlers, e.g...

System and method for managing interworking communications protocols

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

142 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing interworking communications protocols

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

142 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links