Dynamic assignment of quality of service (QoS) to an active session in an ipsec tunnel
Abstract
Quality of Service (QoS) is provided to a secure data tunnel such as an IPsec tunnel using information about the tunnel and the underlying data session to formulate a set of bandwidth requirements. A policy server operates to receive the information to create the set of bandwidth requirements which are enforced by a termination device. The termination device sets the bandwidths. QoS can be provided on a static or continuous basis. QoS can be provided on a dynamic basis. QoS can be provided at different levels depending on the type of data session. Multiple QoS can be provided for multiple data sessions existing simultaneously using multiple SSIDs.
26 Claims
1. A computer system having a processor and a memory, the computer system executes a method for dynamically providing QoS to a data session in a secure data tunnel in one or more networks, comprising:
- establishing the secure data tunnel between an endpoint device and a home agent wherein the secure data tunnel is a framework for security and represents a transfer of encapsulated packets at one or more layers;
- receiving, at the home agent, a first information set associated with the secure data tunnel;
- providing the first information set and a second information set to a policy server;
- receiving an indication at a session border controller of the data session in the secure data tunnel wherein the session border controller provides at least one of a codec information and an IP address of the endpoint device to the policy server;
- with the first information set, the second information set, and at least one of the codec information and the IP address of the endpoint device, determining one or more bandwidth requirements from one or more policies based in the policy server; and
- providing the one or more bandwidth requirements to at least one of another policy server and a termination device wherein the another policy server communicates with the termination device when the another policy server receives the one or more bandwidth requirements wherein the termination device establishes one or more bandwidths for the secure data tunnel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system for dynamically providing QoS to a data session in a VPN in one or more networks, comprising:
- a home agent, a session border controller, a policy server, and at least one of another policy server and a termination device operates together in the one or more networks;
- the home agent receives a first data set associated with the data session in the VPN, provides to the policy server at least one of the first data set and a second data set associated with the home agent, and establishes a secure data tunnel to an endpoint device;
- the session border controller receives an indication of the data session and provides at least one of a codec information and an IP address associated with the endpoint device initiating the data session to the policy server;
- the policy server receives at least one of the first data set and the second data set, monitors for the codec information and the IP address from the session border controller, and provides at least one of an upstream bandwidth requirement and a downstream bandwidth requirement to at least one of the another policy server and the termination device wherein upon a receipt of the codec information and the IP address, the policy server correlates the codec information and the IP address to the first data set and the second data set for the VPN and the data session; and
- either the another policy server receives the at least one of the upstream bandwidth requirement and the downstream bandwidth requirement, and communicates the at least one of the upstream bandwidth requirement and the downstream bandwidth requirement to the termination device, or the termination device receives the at least one of the upstream bandwidth requirement and the downstream bandwidth requirement.
Dependent claims: 15, 16, 17, 18, 19, 20
21. One or more computer readable non transitory media encoded with computer executable instructions for executing a method for dynamically setting a QoS without classifying a data packet, comprising:
- inputting one or more policies into a policy server that are associated with determining one or more bandwidth requirements for a secure tunnel and identifying the secure tunnel;
- receiving at the policy server a first set of information about the secure tunnel wherein the policy server stores the first set of information;
- receiving at the policy server a second set of information about the data packet in the secure tunnel wherein the first set and the second set are associated together wherein the policy server executes a subset of the one or more policies to determine the one or more bandwidth requirements and to identify the secure tunnel; and
- providing from the policy server the one or more bandwidth requirements and an identification of the secure tunnel to at least one of another policy server and a termination device wherein the termination device sets one or more bandwidths for the secure tunnel wherein the another server provides the one or more bandwidth requirements and the identification of the secure tunnel to the termination device when the another policy server receives the one or more bandwidth requirements.
Dependent claims: 22, 23, 24, 25, 26
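An added example, not taken from the patent: a minimal sketch of the policy-server correlation in claims 1 and 14, where tunnel data from the home agent is matched to the session border controller's codec and IP indication, so bandwidth is sized without inspecting the encrypted packets. The class names, the inner/outer address split, the codec table and the 40 kbit/s overhead allowance are assumptions.

```python
from dataclasses import dataclass

# Nominal codec bitrates in kbit/s; OVERHEAD_KBPS is an assumed per-session
# allowance for RTP/UDP/IP and ESP encapsulation, not a figure from the patent.
CODEC_KBPS = {"G711": 64, "G722": 64, "G729": 8}
OVERHEAD_KBPS = 40

@dataclass(frozen=True)
class TunnelInfo:   # assumed shape of the "first information set" (home agent)
    tunnel_id: str
    inner_ip: str   # endpoint address inside the tunnel, as the SBC sees it
    outer_ip: str   # tunnel endpoint address, as the termination device sees it

@dataclass(frozen=True)
class BandwidthRequirement:
    tunnel_id: str
    outer_ip: str
    upstream_kbps: int
    downstream_kbps: int

class PolicyServer:
    def __init__(self):
        self._tunnels = {}    # inner_ip -> TunnelInfo
        self._sessions = {}   # tunnel_id -> codecs of active sessions

    def tunnel_up(self, info):
        self._tunnels[info.inner_ip] = info
        self._sessions[info.tunnel_id] = []

    def session_start(self, endpoint_ip, codec):
        """Handle an SBC indication; None means no bandwidth is granted."""
        info = self._tunnels.get(endpoint_ip)
        if info is None or codec not in CODEC_KBPS:
            return None   # no tunnel to correlate with, or no policy for codec
        self._sessions[info.tunnel_id].append(codec)
        return self._requirement(info)

    def session_end(self, endpoint_ip, codec):
        info = self._tunnels.get(endpoint_ip)
        if info is None or codec not in self._sessions[info.tunnel_id]:
            return None
        self._sessions[info.tunnel_id].remove(codec)
        return self._requirement(info)

    def _requirement(self, info):
        # Voice is treated as symmetric, so upstream equals downstream.
        kbps = sum(CODEC_KBPS[c] + OVERHEAD_KBPS
                   for c in self._sessions[info.tunnel_id])
        return BandwidthRequirement(info.tunnel_id, info.outer_ip, kbps, kbps)
```

An indication that does not correlate to a tunnel the home agent reported returns `None`, so an unrecognised address or codec never causes the termination device to be told to reserve bandwidth.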
Specification