Method and system for multi-domain virtual private network configuration

US 7,869,447 B2
Filed: 06/30/2005
Issued: 01/11/2011
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for configuration of a multi-domain virtual private network (VPN) within a communications network comprising the steps of:

providing domain VPN information within at least two VPN provider domains of the communication network interconnected to each other;

at least one respective VPN being available in each of the at least two VPN provider domains, the VPNs being available between edge nodes of the at least two VPN provider domains, at which edge nodes customers are connected to the VPNs;

the domain VPN information comprising at least a VPN identity of VPNs available in a respective VPN provider domain;

initiating a connect request for connecting a first edge node in a first VPN provider domain to a first VPN not presently available in the first VPN provider domain;

matching an identity of the first VPN with VPN identities of a second VPN provider domain of the at least two VPN provider domains different from the first VPN provider domain; and

configuring the first VPN to comprise the first edge node based on the outcome of the matching step,wherein the step of matching includes sending an information request about existence of the first VPN from the first VPN provider domain to an adjacent VPN provider domain and returning an acknowledgment to the first VPN provider domain if a match is found, wherein the acknowledgement includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information about virtual private networks—VPNs—in each domain of a multi-domain communications system is provided. By comparing a request for a configuration of a VPN with the provided information of other connected domains, a match can be found. VPN configuration can then be performed based on the outcome of the match. The provided domain VPN information is in one embodiment spread to other domains under constrictions put by SLAs between domain operators. The spreading of VPN information can be performed regularly or triggered by an external event. In another embodiment, the VPN configuration request is instead spread to different domains.

8 Citations

View as Search Results

49 Claims

1. A method for configuration of a multi-domain virtual private network (VPN) within a communications network comprising the steps of:
- providing domain VPN information within at least two VPN provider domains of the communication network interconnected to each other;
  
  at least one respective VPN being available in each of the at least two VPN provider domains, the VPNs being available between edge nodes of the at least two VPN provider domains, at which edge nodes customers are connected to the VPNs;
  
  the domain VPN information comprising at least a VPN identity of VPNs available in a respective VPN provider domain;
  
  initiating a connect request for connecting a first edge node in a first VPN provider domain to a first VPN not presently available in the first VPN provider domain;
  
  matching an identity of the first VPN with VPN identities of a second VPN provider domain of the at least two VPN provider domains different from the first VPN provider domain; and
  
  configuring the first VPN to comprise the first edge node based on the outcome of the matching step,wherein the step of matching includes sending an information request about existence of the first VPN from the first VPN provider domain to an adjacent VPN provider domain and returning an acknowledgment to the first VPN provider domain if a match is found, wherein the acknowledgement includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. A method according to claim 1, wherein the step of matching comprises:
    - comparing the information request with provided domain VPN information in a VPN provider domain different from the first VPN provider domain.
  - 3. A method according to claim 1, wherein the step of matching comprises the steps of:
    - sending an information request about existence of the first VPN from the first VPN provider domain to one, several or all domains; and
      
      comparing the information request with provided domain VPN information in a VPN provider domain different from the first VPN provider domain.
  - 4. A method according to claim 2, wherein the step of matching further comprises the step of:
    - forwarding the information request about existence of the first VPN to further adjacent VPN provider domain if no match is found.
  - 5. A method according to claim 1, wherein the acknowledgement additionally comprises data representing at least one of:
    - domain ID of VPN provider domain in which the first VPN is available;
      
      edge node ID of edge node in which the first VPN is available;
      
      routing information to the edge node in which the first VPN is available.
  - 6. A method according to claim 1, wherein the step of matching comprises the steps of:
    - processing the domain VPN information into processed VPN information comprising at least one VPN identity;
      
      transferring the processed VPN information between adjacent VPN provider domains;
      
      comparing the identity of the first VPN with the transferred processed VPN information.
  - 7. A method according to claim 1, wherein the step of matching in turn comprises the steps of:
    - processing the domain VPN information into processed VPN information comprising at least one VPN identity;
      
      transferring the processed VPN information to one, several or all VPN provider domains;
      
      comparing the identity of the first VPN with the transferred processed VPN information.
  - 8. A method according to claim 6, wherein the step of matching comprises the further step of further processing the transferred processed VPN information before the comparing step.
  - 9. A method according to claim 6, wherein the processed VPN information to be transferred to other VPN provider domains additionally comprises processed VPN information received from adjacent VPN provider domains.
  - 10. A method according to claim 9, wherein the step of processing comprises addition of transit information regarding the processed VPN information transferred from other VPN provider domains or information derived therefrom.
  - 11. A method according to claim 6, wherein the processed VPN information additionally comprises at least one of:
    - domain ID of VPN provider domains in which different VPNs are available;
      
      edge node ID of edge nodes at which different VPNs are available;
      
      information about which VPN provider domains that has to be transited to reach the VPN provider domain in which different VPNs are available; and
      
      routing information to the edge node at which different VPNs are available.
  - 12. A method according to claim 6, wherein the step of transferring of processed VPN information is performed on a repeated basis.
  - 13. A method according to claim 6, wherein the step of transferring of processed VPN information is performed as a response on changes of domain VPN information.
  - 14. A method according to claim 6, wherein the step of transferring of processed VPN information is performed as a response of the connect request.
  - 15. A method according to claim 1, wherein the domain VPN information further comprises customer identities of customers connected to the respective edge nodes and associated VPN.
  - 16. A method according to claim 1, wherein the domain VPN information further comprises properties of the VPNs.
  - 17. A method according to claim 16, wherein the properties of the VPNs comprise at least one of:
    - quality of service properties;
      
      encryption properties;
      
      transparency layer properties;
      
      tunneling properties; and
      
      topology properties.
  - 18. A method according to claim 1, wherein the step of providing domain VPN information comprises collecting domain VPN data from edge nodes within the same VPN provider domains.
  - 19. A method according to claim 18, wherein the collecting of domain VPN data is performed in a centralized manner in at least one VPN provider domain.
  - 20. A method according to claim 18, wherein the collecting of domain VPN data is performed in a distributed manner in at least one VPN provider domain.
  - 21. A method according to claim 18, wherein the collecting of domain VPN data is performed by a push mechanism.
  - 22. A method according to claim 18, wherein the collecting of domain VPN data is performed by a pull mechanism.

23. A communications network, comprising:
- at least two virtual private network (VPN) provider domains being interconnected by connections between border nodes;
  
  means for operating VPNs within the communications network;
  
  edge nodes connected by the VPNs, wherein customer sites of the VPNs are connected at the edge nodes;
  
  at least one respective VPN being available in each of the at least two VPN provider domains;
  
  means for initiating a connect request for connecting a first edge node in a first VPN provider domain to a first VPN not presently available in the first VPN provider domain;
  
  VPN control nodes in each of the at least two network VPN provider domains comprising means for providing domain VPN information;
  
  the domain VPN information comprising at least a VPN identity of VPNs available in the VPN provider domain;
  
  means for matching an identity of the first VPN with VPN identities of a second VPN provider domain of the at least two VPN provider domains different from the first VPN provider domain; and
  
  means for configuring the first VPN to comprise the first edge node based on the output of the means for matching,wherein the means for matching includes request handling means for sending and receiving information requests about existence of a particular VPN to and from an adjacent VPN provider domain and for returning an acknowledgement if a match is found, and wherein the acknowledgement includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. A communications network according to claim 23, wherein the VPN control node is a centralized node in at least one VPN provider domain.
  - 25. A communications network according to claim 23, wherein the VPN control node is a distributed node in at least one VPN provider domain.
  - 26. A communications network according to claim 25, wherein at least a part of the distributed VPN control node is in logical connection with a border node, and wherein communication between the distributed VPN control node and VPN provider domains connected through the border node takes place via the border node.
  - 27. A communications network according to claim 23, wherein the VPN control node comprises a storage for VPN information.
  - 28. A communications network according to claim 23, wherein the means for matching is distributed in all VPN provider domains, which distributed parts comprise:
    - means for comparing received information requests with provided domain VPN information of its own VPN provider domain.
  - 29. A communications network according to claim 23, wherein the means for matching is distributed in all VPN provider domains, which distributed parts comprise:
    - request handling means for sending and receiving information requests about existence of a particular VPN to and from one, several or all VPN provider domains; and
      
      means for comparing received information requests with provided domain VPN information of its own VPN provider domain;
      
      the request handling means is further arranged for returning an acknowledgement if a match is found.
  - 30. A communications network according to claim 28, wherein the request handling means is further arranged to forward an information request to further adjacent VPN provider domains if no match is found.
  - 31. A communications network according to claim 23, wherein the VPN control node further comprises:
    - first processor for processing the domain VPN information into processed VPN information, connected to the storage; and
      
      means for transferring the processed VPN information to other VPN provider domains, connected to the first processor.
  - 32. A communications network according to claim 31, wherein the VPN control node further comprises:
    - means for receiving processed VPN information from other VPN provider domains;
      
      second processor for processing the received processed VPN information, connected to the means for receiving and the storage allowing the processed received VPN information to be stored in the storage.
  - 33. A communications network according to claim 23, wherein the VPN control nodes in at least one network VPN provider domain comprises means for collecting domain VPN information from edge nodes in the same VPN provider domain.

34. A VPN control node in a first VPN provider domain of a communications network having at least two VPN provider domains and supporting multi-domain virtual private networks (VPNs), at least one respective VPN being available in each of the at least two VPN provider domains, customers being connected to the VPNs at edge nodes of the at least two VPN provider domains, the VPN control node comprising electronic circuitry configured to:
- provide domain VPN information;
  
  the domain VPN information comprising at least a VPN identity of VPNs available within a respective VPN provider domain;
  
  send an information request about existence of a first VPN in a second VPN provider domain;
  
  match an identity of the first VPN with the VPN identities of the second VPN provider domain; and
  
  process an acknowledgment received from a VPN provider domain other than the first VPN provider domain if a match is found that includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 35. A VPN control node according to claim 34, further comprising a configuring machine for VPN connections within the first VPN provider domain.
  - 36. A VPN control node according to claim 34, further comprising a configuring machine for inter-domain VPN connections involving the first VPN provider domain.
  - 37. A VPN control node according to claim 34, wherein the control node is a centralized node.
  - 38. A VPN control node according to claim 37, wherein the electronic circuitry is configured to communicate with VPN control nodes in other VPN provider domains via border nodes.
  - 39. A VPN control node according to claim 37, wherein the electronic circuitry is configured to communicate by dedicated VPN control signal connections with VPN control nodes in other VPN provider domains.
  - 40. A VPN control node according to claim 34, wherein the control node is a distributed node.
  - 41. A VPN control node according to claim 40, wherein at least a part of the distributed control node is in logical connection with a border node, through which data communication to neighboring domains takes place.
  - 42. A VPN control node according to claim 34, wherein the control node comprises a storage for VPN information.
  - 43. A VPN control node according to claim 42, wherein the storage for VPN information is centralized.
  - 44. A VPN control node according to claim 42, wherein the storage for VPN information is distributed.
  - 45. A VPN control node according to claim 34, wherein the electronic circuitry is configured to communicate domain VPN information to and from other VPN provider domains.
  - 46. A VPN control node according to claim 34, wherein the electronic circuitry is configured to forward a VPN request to other VPN provider domains if no match is found.
  - 47. A VPN control node according to claim 34, wherein the electronic circuitry is configured to collect domain VPN information from edge nodes in the same VPN provider domain.
  - 48. A VPN control node according to claim 47, wherein the electronic circuitry is configured to collect domain VPN information according to a push mechanism.
  - 49. A VPN control node according to claim 47, wherein the electronic circuitry is configured to collect domain VPN information according to a pull mechanism.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Westberg, Lars, Mångs, Jan-Erik, Flinta, Christofer
Primary Examiner(s)
Ferris; Derrick W
Assistant Examiner(s)
Crompton; Christopher R

Application Number

US11/170,185
Publication Number

US 20060018300A1
Time in Patent Office

2,021 Days
Field of Search

370/254, 370/401
US Class Current

370/401
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

H04L 63/0272 Virtual private networks

Method and system for multi-domain virtual private network configuration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

49 Claims

Specification

Use Cases

Quick Links

Others

Method and system for multi-domain virtual private network configuration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

49 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others