Method of providing an encrypted multipoint VPN service

  • US 7,590,123 B2
  • Filed: 11/22/2005
  • Issued: 09/15/2009
  • Est. Priority Date: 11/22/2005
  • Status: Expired due to Fees
First Claim
1. A method of providing an encrypted multipoint Virtual Private Network (VPN) service comprising:

  • receiving a first packet of a plurality of packets at an ingress Provider Edge (PE) router in a network including a hub and an egress PE router, the plurality of packets destined for a remote server in communication with said egress PE router;

    performing a lookup at said ingress PE router for a destination prefix of said first packet, and determining that a next-hop for said first packet is reachable through a tunnel;

    sending, by said ingress PE router, a resolution request to said hub to acquire a routable Internet Protocol (IP) address associated with said egress PE router;

    encapsulating, encrypting and sending a first subset of said plurality of packets to said hub, said first subset of said plurality of packets including packets received until a resolution reply is received by said ingress PE router and until Security Associations (SAs) have been exchanged between said ingress PE router and said egress PE router, said first subset of said plurality of packets carrying a bit set in a header indicating that said header includes a tunnel IP address of said egress PE router which should be used for forwarding said first subset of said plurality of packets;

    receiving a resolution reply from said hub at said ingress PE router;

    updating a next-hop cache of said ingress PE router;

    exchanging IPSec SAs with said egress PE router;

    updating an FIB entry with said SAs; and

    establishing the VPN between said egress PE router and said ingress PE router, and forwarding a second subset of said plurality of packets including all packets subsequent to the first subset of said plurality of packets destined for said egress PE router directly towards said egress PE router across said VPN established between said egress PE router and said ingress PE router.
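
The forwarding decision at the ingress PE, as an added Python sketch that is not part of the patent text: packets go via the hub with the header bit set until both the resolution reply has arrived and the SAs have been exchanged, and go direct only after that. The class and field names, the flag value, the addresses and the pre-existing SA with the hub are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

HUB = "192.0.2.1"        # constructed hub address (documentation range)
HUB_SA = "sa-hub"        # assumption: an SA with the hub already exists
TUNNEL_ADDR_FLAG = 0x01  # hypothetical value; the claim only says "a bit set in a header"

@dataclass
class FibEntry:
    tunnel_next_hop: str        # tunnel IP address of the egress PE
    sa: Optional[str] = None    # SA with the egress PE, once exchanged

class IngressPE:
    def __init__(self, fib):
        self.fib = fib              # destination prefix -> FibEntry
        self.next_hop_cache = {}    # tunnel IP -> routable IP of the egress PE
        self.requests_sent = []     # tunnel IPs for which the hub was asked

    def forward(self, prefix, payload):
        entry = self.fib[prefix]
        routable = self.next_hop_cache.get(entry.tunnel_next_hop)
        if routable and entry.sa:
            # Second subset: straight to the egress PE under the exchanged SA.
            return {"outer_dst": routable, "flags": 0, "sa": entry.sa, "payload": payload}
        if routable is None and entry.tunnel_next_hop not in self.requests_sent:
            self.requests_sent.append(entry.tunnel_next_hop)  # one request per next hop
        # First subset: encrypted to the hub, flag tells it to forward on tunnel_dst.
        return {"outer_dst": HUB, "flags": TUNNEL_ADDR_FLAG, "sa": HUB_SA,
                "tunnel_dst": entry.tunnel_next_hop, "payload": payload}

    def on_resolution_reply(self, tunnel_ip, routable_ip):
        self.next_hop_cache[tunnel_ip] = routable_ip   # update the next-hop cache

    def on_sas_exchanged(self, prefix, sa):
        self.fib[prefix].sa = sa                       # update the FIB entry with the SA

def demo():
    """Return the outer destination of each packet across the claim's sequence."""
    pe = IngressPE({"10.2.0.0/16": FibEntry("172.16.0.2")})   # constructed prefix and tunnel IP
    path = [pe.forward("10.2.0.0/16", b"p1")["outer_dst"]]
    pe.on_resolution_reply("172.16.0.2", "198.51.100.7")      # constructed routable address
    path.append(pe.forward("10.2.0.0/16", b"p2")["outer_dst"])  # SA still missing: via hub
    pe.on_sas_exchanged("10.2.0.0/16", "sa-egress")
    path.append(pe.forward("10.2.0.0/16", b"p3")["outer_dst"])
    return path

if __name__ == "__main__":
    print(demo())
```
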
