Prioritized call admission control for internet key exchange
First Claim
1. A method for prioritizing the setup of a plurality of connections in a Virtual Private Network (VPN) serving a plurality of clients, the method comprising:
- providing an aggregation processor operative to perform functions associated with setting up and managing the connections;
predefining at least two Internet Security Association and Key Management Protocol (ISAKMP) client profiles for the VPN, wherein each ISAKMP client profile defines an association with a respective predetermined client category via an ISAKMP match identity command;
adding a priority command to the ISAKMP client profiles, the priority commands indicating a plurality of different priorities;
initiating, by the aggregation processor, connections in the VPN for at least two clients;
matching, by the aggregation processor, the at least two clients with respective profiles selected from the at least two ISAKMP predefined client profiles;
setting up, by the aggregation processor, the VPN connections for the at least two clients according to the priorities of the predefined ISAKMP client profiles.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for communication includes predefining two or more client profiles applicable to clients of a communication network. Virtual Private Network (VPN) connections are initiated between at least two of the clients and the network. At least two of the clients are matched with respective profiles selected from the two or more predefined client profiles. Priorities are assigned to packets exchanged between the at least two of the clients and the network responsively to the profiles. The VPN connections are set up for the at least two of the clients responsively to the priorities.
20 Citations
28 Claims
-
1. A method for prioritizing the setup of a plurality of connections in a Virtual Private Network (VPN) serving a plurality of clients, the method comprising:
-
providing an aggregation processor operative to perform functions associated with setting up and managing the connections; predefining at least two Internet Security Association and Key Management Protocol (ISAKMP) client profiles for the VPN, wherein each ISAKMP client profile defines an association with a respective predetermined client category via an ISAKMP match identity command; adding a priority command to the ISAKMP client profiles, the priority commands indicating a plurality of different priorities; initiating, by the aggregation processor, connections in the VPN for at least two clients; matching, by the aggregation processor, the at least two clients with respective profiles selected from the at least two ISAKMP predefined client profiles; setting up, by the aggregation processor, the VPN connections for the at least two clients according to the priorities of the predefined ISAKMP client profiles. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. Apparatus for prioritizing the setup of a plurality of connections in a Virtual Private Network (VPN) serving a plurality of clients, the apparatus comprising:
-
a network interface arranged to communicate with the clients; and an aggregation processor coupled to the network interface and arranged; to accept definitions of at least two Internet Security Association and Key Management Protocol (ISAKMP) client profiles for the VPN, wherein each ISAKMP client profile defines an association with a respective predetermined client category via an ISAKMP match identity command, and wherein the ISAKMP client profiles are modified to contain priority commands indicating a plurality of different priorities; to initiate connections for a client in the VPN; to match a client to a profile selected from the at least two ISAKMP client profiles; to assign a priority to a packet from the client responsively to the profile; and to set up a VPN connection for the client responsively to the priority. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An apparatus for prioritizing the setup of a plurality of connections in a Virtual Private Network (VPN) serving a plurality of clients, the apparatus comprising:
-
means for predefining at least two Internet Security Association and Key Management Protocol (ISAKMP) client profiles for the VPN, wherein each ISAKMP client profile defines an association with a respective predetermined client category via an ISAKMP match identity command; means for adding a priority command to the ISAKMP client profiles, the priority commands indicating a plurality of different priorities; means for initiating connections in the VPN for at least two clients; means for matching the at least two clients with respective profiles selected from the at least two predefined ISAKMP client profiles; means for setting up the VPN connections for the at least two clients according to the priorities of the predefined ISAKMP client profiles.
-
-
20. A computer software product for prioritizing the setup of a plurality of connections in a Virtual Private Network (VPN) serving a plurality of clients, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when executed by a processor, cause the processor:
-
to accept a definition of at least two Internet Security Association and Key Management Protocol (ISAKMP) client profiles for the VPN, wherein each ISAKMP client profile defines an association with a respective predetermined client category via an ISAKMP match identity command, the ISAKMP client profiles modified to contain priority commands indicating a plurality of different priorities; to initiate connections for a client in the VPN; to match a client to a profile selected from the at least two ISAKMP client profiles; to assign a priority to a packet from the client responsively to the ISAKMP client profile; and to set up a VPN connection for the client responsively to the priority. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
-
Specification