System and method for prioritization of traffic through internet access network
First Claim
1. A method of prioritizing a traffic flow in a packet communication system destined for a receiving sub-network hosting a virtual private network (VPN) gateway, the method comprising:
forwarding packets from an end user device to the receiving sub-network through a first gateway in an access network;
at the first gateway in the access network, determining whether the packets from the end user device are requesting a new session with the VPN gateway;
at the first gateway in the access network, non-invasively and, independently of any shared secrets between the VPN gateway and the end user device, using a deep packet inspector to infer from the packets requesting the new session whether the request was accepted by the VPN gateway by monitoring both the traffic flow passing through an egress port to the receiving sub-network and the traffic flow coming from the receiving sub-network through the egress port; and
when it is inferred that the request was accepted by the VPN gateway, using a subscriber and policy management system (SPMS) to determine a new priority level to assign to the new session, wherein the new priority level is higher than a default priority level and is predetermined by the owner of the VPN gateway;
using the SPMS to reconfigure network elements in the access network to permit the traffic flow to the VPN gateway at the new priority level;
using the SPMS to mark the packets from the end user device in the egress port with the new priority level before sending the packets to the VPN gateway; and
maintaining the traffic flow for a session between the VPN gateway and the end user device at the new priority level until the deep packet inspector determines that there is no traffic flow over the VPN gateway other than traffic flow not initiated by a user.
Abstract
A method is provided for ensuring that specific traffic flows are adequately prioritized in a public packet communication network even when the network is heavily congested. Per-flow QoS capability is added to VPN tunnels. Connection requests are routed through a specific port in an access provider's network to a designated VPN gateway. Deep packet inspection is performed on traffic through the port in an attempt to determine whether the connection request was accepted. If the connection request was accepted, the traffic flows associated with that session may be given a specific priority of QoS level when transiting a packet access network.
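An added illustration, not part of the patent text: a passive tracker that watches both directions at the egress port, infers acceptance of a session request from packet metadata alone (no shared secrets), returns the priority to mark on each packet, and demotes the session once only keepalive-sized traffic remains. The thresholds, the reply-count and packet-size heuristics, the priority values and the addresses (documentation ranges) are all assumptions made for this sketch.

```python
from dataclasses import dataclass

# Assumed heuristics and values (not from the patent).
ACCEPT_MIN_REPLIES = 2     # gateway replies needed to infer "accepted"
KEEPALIVE_MAX_BYTES = 100  # packets this small are treated as non-user traffic
IDLE_TIMEOUT = 60.0        # seconds without user traffic before demotion
DEFAULT_PRIO, VPN_PRIO = 0, 5

@dataclass
class Session:
    last_user_ts: float
    replies: int = 0
    priority: int = DEFAULT_PRIO   # DEFAULT_PRIO means "requested, not yet accepted"

class FlowTracker:
    """Passive per-client state for one VPN gateway; reads metadata only."""
    def __init__(self, gateway):
        self.gateway = gateway
        self.sessions = {}

    def observe(self, ts, src, dst, size):
        """Feed one packet seen at the egress port; return the priority to mark."""
        if self.gateway not in (src, dst):
            return DEFAULT_PRIO
        to_gw = dst == self.gateway
        client = src if to_gw else dst
        user = size > KEEPALIVE_MAX_BYTES
        s = self.sessions.get(client)
        if s and ts - s.last_user_ts > IDLE_TIMEOUT:
            del self.sessions[client]      # only non-user traffic remained: demote
            s = None
        if s is None:
            if to_gw and user:             # looks like a new session request
                self.sessions[client] = Session(last_user_ts=ts)
            return DEFAULT_PRIO
        if not to_gw and user and s.priority == DEFAULT_PRIO:
            s.replies += 1                 # return traffic from the gateway
            if s.replies >= ACCEPT_MIN_REPLIES:
                s.priority = VPN_PRIO      # inferred: request was accepted
        if user:
            s.last_user_ts = ts
        return s.priority

# Constructed trace: (timestamp, src, dst, bytes). Client B gets one reply only.
GW, A, B = "203.0.113.10", "198.51.100.7", "198.51.100.8"
TRACE = [(0.0, A, GW, 400), (0.1, GW, A, 350), (0.2, A, GW, 300),
         (0.3, GW, A, 250), (1.0, A, GW, 1200), (1.5, B, GW, 400),
         (1.6, GW, B, 120), (40.0, A, GW, 60), (80.0, A, GW, 60)]

def replay(trace, gateway=GW):
    tracker = FlowTracker(gateway)
    return [tracker.observe(*pkt) for pkt in trace]
```

The same property that makes this work for an access provider also means an on-path observer can tell when a VPN session is established and idle without decrypting anything.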
19 Claims
10. A system in an access network for prioritizing a traffic flow in a packet communication system destined for a receiving sub-network hosting a virtual private network (VPN) gateway, the system comprising:
a subscriber and policy management system (SPMS) that reconfigures network elements within the access network and marks packets from an end user device in an egress port to maintain the traffic flow for a session at a new priority level higher than a default priority level, wherein the new priority level is predetermined by the owner of the VPN gateway;
a first gateway in the access network that forwards the traffic flow to the VPN gateway;
an edge router that forwards the traffic flow to the first gateway in the access network;
means at the VPN gateway in the access network that determine whether the packets from the end user device are requesting a new session with the VPN gateway;
a deep packet inspector in the access network that non-invasively and, independently of any shared secrets between the VPN gateway and the end user device, infers from the packets requesting the new session whether the request was accepted by the VPN gateway by monitoring both the traffic flow passing through an egress port to the receiving sub-network and the traffic flow coming from the receiving sub-network through the egress port; and
means at the VPN gateway to inform the SPMS that the session is to be given the new priority level after it is inferred that the packets requesting the new session were accepted by the VPN gateway until the deep packet inspector determines that there is no traffic flow over the VPN gateway other than traffic flow not initiated by a user.
Specification