Dynamic assignment of quality of service (QoS) to an active session in an ipsec tunnel

US 7,835,275 B1
Filed: 09/08/2006
Issued: 11/16/2010
Est. Priority Date: 09/08/2006
Status: Active Grant

First Claim

Patent Images

1. A computer system having a processor and a memory, the computer system executes a method for dynamically providing QoS to a data session in a secure data tunnel in one or more networks, comprising:

establishing the secure data tunnel between an endpoint device and a home agent wherein the secure data tunnel is a framework for security and represents a transfer of encapsulated packets at one or more layers;

receiving, at the home agent, a first information set associated with the secure data tunnel;

providing the first information set and a second information set to a policy server;

receiving an indication at a session border controller of the data session in the secure data tunnel wherein the session border controller provides at least one of a codec information and an IP address of the endpoint device to the policy server;

with the first information set, the second information set, and at least one of the codec information and the IP address of the endpoint device, determining one or more bandwidth requirements from one or more policies based in the policy server; and

providing the one or more bandwidth requirements to at least one of another policy server and a termination device wherein the another policy server communicates with the termination device when the another policy server receives the one or more bandwidth requirements wherein the termination device establishes one or more bandwidths for the secure data tunnel.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Quality of Service (QoS) is provided to a secure data tunnel such an an IPsec tunnel using information about the tunnel and the underlying data session to formulate a set of bandwidth requirements. A policy server operates to receive the information to create the set of bandwidth requirements which are enforced by a termination device. The termination device sets the bandwidths. QoS can be provided on a static or continuous basis. QoS can be provided on a dynamic basis. QoS can be provided at different levels depending on the type of data session. Multiple QoS can be provided for multiple data sessions existing simultaneously using multiple SSIDs.

109 Citations

View as Search Results

26 Claims

1. A computer system having a processor and a memory, the computer system executes a method for dynamically providing QoS to a data session in a secure data tunnel in one or more networks, comprising:
- establishing the secure data tunnel between an endpoint device and a home agent wherein the secure data tunnel is a framework for security and represents a transfer of encapsulated packets at one or more layers;
  
  receiving, at the home agent, a first information set associated with the secure data tunnel;
  
  providing the first information set and a second information set to a policy server;
  
  receiving an indication at a session border controller of the data session in the secure data tunnel wherein the session border controller provides at least one of a codec information and an IP address of the endpoint device to the policy server;
  
  with the first information set, the second information set, and at least one of the codec information and the IP address of the endpoint device, determining one or more bandwidth requirements from one or more policies based in the policy server; and
  
  providing the one or more bandwidth requirements to at least one of another policy server and a termination device wherein the another policy server communicates with the termination device when the another policy server receives the one or more bandwidth requirements wherein the termination device establishes one or more bandwidths for the secure data tunnel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, further comprising receiving another indication at the session border controller that the data session is no longer in the secure data tunnel wherein the session border controller provides a QoS teardown request to the policy server.
  - 3. The system of claim 2, further comprising providing from the policy server to at least one of the another policy server and the termination device a delete request wherein the delete request removes the allocated one or more bandwidths for the secure data tunnel.
  - 4. The system of claim 1, wherein the data session is selected from a group including a telephone call.
  - 5. The system of claim 4, wherein the telephone call is selected from a group including data packets and an RTP stream.
  - 6. The system of claim 1, wherein the secure data tunnel is selected from a group including a VPN.
  - 7. The system of claim 6, wherein the VPN is selected from a group including IPsec, SSL, TLS, and L2TP.
  - 8. The system of claim 1, wherein the first information set is selected from a group including an IP address assigned by a NAT router and a port assigned by the NAT router.
  - 9. The system of claim 8, wherein the second information set is selected from a group including an IP address assigned by the home agent and a port assigned by the home agent.
  - 10. The system of claim 9, wherein the endpoint device is selected from a group including a mobile phone, a PDA, and a laptop computer.
  - 11. The system of claim 1, wherein receiving the indication comprises receiving at least one of a SIP message, an RTP message, and an H.323 message.
  - 12. The system of claim 1, wherein determining one or more bandwidth requirements comprises determining at least one of an upstream bandwidth requirement and a downstream bandwidth requirement.
  - 13. The system of claim 1, wherein the termination device is selected from a group including a CMTS.

14. A system for dynamically providing QoS to a data session in a VPN in one or more networks, comprising:
- a home agent, a session border controller, a policy server, and at least one of another policy server and a termination device operates together in the one or more networks;
  
  the home agent receives a first data set associated with the data session in the VPN, provides to the policy server at least one of the first data set and a second data set associated with the home agent, and establishes a secure data tunnel to an endpoint device;
  
  the session border controller receives an indication of the data session and provides at least one of a codec information and an IP address associated with the endpoint device initiating the data session to the policy server;
  
  the policy server receives at least one of the first data set and the second data set, monitors for the codec information and the IP address from the session border controller, and provides at least one of an upstream bandwidth requirement and a downstream bandwidth requirement to at least one of the another policy server and the termination device wherein upon a receipt of the codec information and the IP address, the policy server correlates the codec information and the IP address to the first data set and the second data set for the VPN and the data session; and
  
  either the another policy server receives the at least one of the upstream bandwidth requirement and the downstream bandwidth requirement, and communicates the at least one of the upstream bandwidth requirement and the downstream bandwidth requirement to the termination device, or the termination device receives the at least one of the upstream bandwidth requirement and the downstream bandwidth requirement.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, further comprising the termination device establishes at least one of an upstream bandwidth and a downstream bandwidth for the data session in the VPN.
  - 16. The system of claim 14, wherein the termination device is selected from a group including a CMTS.
  - 17. The system of claim 14, wherein the first data set is selected from a group including an IP address assigned by a NAT router and a port assigned by the NAT router.
  - 18. The system of claim 14, wherein the second data set is selected from a group including an IP address assigned by the home agent and a port assigned by the home agent.
  - 19. The system of claim 14, wherein the VPN is selected from a group including IPsec, SSL, TLS, and L2TP.
  - 20. The system of claim 14, wherein the upstream bandwidth comprises a data path with a data flow from the endpoint device to the home agent and the downstream bandwidth comprises the data path with the data flow from the home agent to the endpoint device.

21. One or more computer readable non transitory media encoded with computer executable instructions for executing a method for dynamically setting a QoS without classifying a data packet, comprising:
- inputting one or more policies into a policy server that are associated with determining one or more bandwidth requirements for a secure tunnel and identifying the secure tunnel;
  
  receiving at the policy server a first set of information about the secure tunnel wherein the policy server stores the first set of information;
  
  receiving at the policy server a second set of information about the data packet in the secure tunnel wherein the first set and the second set are associated together wherein the policy server executes a subset of the one or more policies to determine the one or more bandwidth requirements and to identify the secure tunnel; and
  
  providing from the policy server the one or more bandwidth requirements and an identification of the secure tunnel to at least one of another policy server and a termination device wherein the termination device sets one or more bandwidths for the secure tunnel wherein the another server provides the one or more bandwidth requirements and the identification of the secure tunnel to the termination device when the another policy server receives the one or more bandwidth requirements.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The non transitory media of claim 21, wherein the secure tunnel is selected from a group including IPsec, SSL, TLS, and L2TP.
  - 23. The non transitory media of claim 22, wherein the first set of information is selected from a group including an IP address assigned by a NAT router, the IP address assigned by a home agent, a port assigned by the NAT router, and a port assigned by the home agent.
  - 24. The non transitory media of claim 23, wherein the second set of information is selected from a group including a codec and the IP address assigned to an endpoint device wherein the endpoint device is selected from the group including a mobile phone, a PDA, and a laptop computer.
  - 25. The non transitory media of claim 24, wherein receiving at the policy server the first set of information comprises receiving at the policy server the first set of information from a home agent.
  - 26. The non transitory media of claim 25, wherein receiving at the policy server the second set of information comprises receiving at the policy server the second set of information from a session border controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Swan, Tim L., McKinney, David Uel
Primary Examiner(s)
Yao; Kwang B
Assistant Examiner(s)
DUDA, ADAM K

Application Number

US11/530,159
Time in Patent Office

1,530 Days
Field of Search

370/229, 370/230, 370/230.1, 370/231, 370/232, 370/233, 370/234, 370/235, 370/235.1, 370/236, 370/236.2, 370/237, 370/238, 370/238.1, 370/239, 370/240
US Class Current

370/229
CPC Class Codes

H04L 2212/00   Encapsulation of packets

H04L 47/10   Flow control; Congestion co...

H04L 47/70   Admission control; Resource...

H04L 47/781   Centralised allocation of r...

H04L 47/805   QOS or priority aware

H04L 47/825   Involving tunnels, e.g. MPLS

H04L 63/164   at the network layer

H04L 65/80   Responding to QoS

Dynamic assignment of quality of service (QoS) to an active session in an ipsec tunnel

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic assignment of quality of service (QoS) to an active session in an ipsec tunnel

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links