Method and system for multi-domain virtual private network configuration
First Claim
1. A method for configuration of a multi-domain virtual private network (VPN) within a communications network comprising the steps of:
- providing domain VPN information within at least two VPN provider domains of the communication network interconnected to each other;
at least one respective VPN being available in each of the at least two VPN provider domains, the VPNs being available between edge nodes of the at least two VPN provider domains, at which edge nodes customers are connected to the VPNs;
the domain VPN information comprising at least a VPN identity of VPNs available in a respective VPN provider domain;
initiating a connect request for connecting a first edge node in a first VPN provider domain to a first VPN not presently available in the first VPN provider domain;
matching an identity of the first VPN with VPN identities of a second VPN provider domain of the at least two VPN provider domains different from the first VPN provider domain; and
configuring the first VPN to comprise the first edge node based on the outcome of the matching step,wherein the step of matching includes sending an information request about existence of the first VPN from the first VPN provider domain to an adjacent VPN provider domain and returning an acknowledgment to the first VPN provider domain if a match is found, wherein the acknowledgement includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available.
1 Assignment
0 Petitions
Accused Products
Abstract
Information about virtual private networks—VPNs—in each domain of a multi-domain communications system is provided. By comparing a request for a configuration of a VPN with the provided information of other connected domains, a match can be found. VPN configuration can then be performed based on the outcome of the match. The provided domain VPN information is in one embodiment spread to other domains under constrictions put by SLAs between domain operators. The spreading of VPN information can be performed regularly or triggered by an external event. In another embodiment, the VPN configuration request is instead spread to different domains.
8 Citations
49 Claims
-
1. A method for configuration of a multi-domain virtual private network (VPN) within a communications network comprising the steps of:
-
providing domain VPN information within at least two VPN provider domains of the communication network interconnected to each other; at least one respective VPN being available in each of the at least two VPN provider domains, the VPNs being available between edge nodes of the at least two VPN provider domains, at which edge nodes customers are connected to the VPNs; the domain VPN information comprising at least a VPN identity of VPNs available in a respective VPN provider domain; initiating a connect request for connecting a first edge node in a first VPN provider domain to a first VPN not presently available in the first VPN provider domain; matching an identity of the first VPN with VPN identities of a second VPN provider domain of the at least two VPN provider domains different from the first VPN provider domain; and configuring the first VPN to comprise the first edge node based on the outcome of the matching step, wherein the step of matching includes sending an information request about existence of the first VPN from the first VPN provider domain to an adjacent VPN provider domain and returning an acknowledgment to the first VPN provider domain if a match is found, wherein the acknowledgement includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A communications network, comprising:
-
at least two virtual private network (VPN) provider domains being interconnected by connections between border nodes; means for operating VPNs within the communications network; edge nodes connected by the VPNs, wherein customer sites of the VPNs are connected at the edge nodes; at least one respective VPN being available in each of the at least two VPN provider domains; means for initiating a connect request for connecting a first edge node in a first VPN provider domain to a first VPN not presently available in the first VPN provider domain; VPN control nodes in each of the at least two network VPN provider domains comprising means for providing domain VPN information; the domain VPN information comprising at least a VPN identity of VPNs available in the VPN provider domain; means for matching an identity of the first VPN with VPN identities of a second VPN provider domain of the at least two VPN provider domains different from the first VPN provider domain; and means for configuring the first VPN to comprise the first edge node based on the output of the means for matching, wherein the means for matching includes request handling means for sending and receiving information requests about existence of a particular VPN to and from an adjacent VPN provider domain and for returning an acknowledgement if a match is found, and wherein the acknowledgement includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. A VPN control node in a first VPN provider domain of a communications network having at least two VPN provider domains and supporting multi-domain virtual private networks (VPNs), at least one respective VPN being available in each of the at least two VPN provider domains, customers being connected to the VPNs at edge nodes of the at least two VPN provider domains, the VPN control node comprising electronic circuitry configured to:
-
provide domain VPN information; the domain VPN information comprising at least a VPN identity of VPNs available within a respective VPN provider domain; send an information request about existence of a first VPN in a second VPN provider domain;
match an identity of the first VPN with the VPN identities of the second VPN provider domain; andprocess an acknowledgment received from a VPN provider domain other than the first VPN provider domain if a match is found that includes information about which VPN provider domains that have to be transited to reach the VPN provider domain in which the first VPN is available. - View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
-
Specification