Technique and apparatus for using node ID as virtual private network (VPN) identifiers

US 7,974,201 B1
Filed: 01/14/2004
Issued: 07/05/2011
Est. Priority Date: 10/15/1999
Status: Active Grant

First Claim

Patent Images

1. An apparatus for routing packets from a first network node to a second network node in a data network, comprising:

means for assigning and then sending a unique first node identifier (ID) to the first node, wherein the unique first node ID is assigned and sent in response to a request from the first node for an identity assignment, and wherein a first virtual private network (VPN) is provisioned by the apparatus for the unique first node ID and an association between the first VPN and the unique first node ID is maintained by the apparatus;

means for receiving a packet from the first node, said packet including the unique first node ID and routing information for routing said packet to a destination address associated with said second node; and

means for routing the received packet to the destination address based on the received routing information, the received unique first node ID and its association with the first VPN, and the destination address being associated with the first VPN.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is provided for managing VPN packet flows over shared access data networks. Each node in the shared access network typically has an identifier or ID associated with it which is used at a Head End of the shared access network to uniquely identify that particular node from the other nodes in the network. According to the technique of the present invention, the node ID may be used at the Head End of the network to identify not only the corresponding node, but also to identify any virtual private networks (VPNs) of which the corresponding node is a member. Using the technique of the present invention, nodes which are members of the same VPN within a shared access network may exchange packets in a manner which does not require the packets to be routed outside the shared access network.

39 Citations

View as Search Results

25 Claims

1. An apparatus for routing packets from a first network node to a second network node in a data network, comprising:
- means for assigning and then sending a unique first node identifier (ID) to the first node, wherein the unique first node ID is assigned and sent in response to a request from the first node for an identity assignment, and wherein a first virtual private network (VPN) is provisioned by the apparatus for the unique first node ID and an association between the first VPN and the unique first node ID is maintained by the apparatus;
  
  means for receiving a packet from the first node, said packet including the unique first node ID and routing information for routing said packet to a destination address associated with said second node; and
  
  means for routing the received packet to the destination address based on the received routing information, the received unique first node ID and its association with the first VPN, and the destination address being associated with the first VPN.

2. A method of routing packets from a first network node to a second network node in a data network, comprising:
- assigning and then sending a unique first node identifier (ID) to the first node, wherein the unique first node ID is assigned and sent in response to a request from the first node for an identity assignment, and wherein a first virtual private network (VPN) is provisioned for the unique first node ID and an association between the first VPN and the unique first node ID is maintainedreceiving a packet from the first node, said packet including the unique first node ID and routing information for routing said packet to a destination address associated with said second node; and
  
  routing the received packet to the destination address based on the received routing information, the received unique first node ID and its association with the first VPN, and the destination address being associated with the first VPN.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24)
- - 3. The method of claim 2, wherein the first node is a cable modem and the unique first node ID includes a DOCSIS Service ID (SID) and an Internet Protocol (IP) address for the first node, wherein the request is a Dynamic Host Configuration Protocol (DHCP) request, wherein the IP address is assigned and sent in response to the DHCP request and based on a media access control (MAC) address of the first node as specified in the DHCP request.
  - 4. The method of claim 3, wherein the assigning and then sending of the IP address to the first node comprises:
    - forwarding the DHCP request from a cable modem termination system (CMTS) to a DHCP server;
      
      receiving at the CMTS a DHCP response, including the IP address, from the DHCP server; and
      
      sending the DHCP response, including the IP address, from the CMTS to the first node,wherein the SID is assigned and sent by the CMTS during a ranging process between the first node and the CMTS.
  - 5. The method of claim 2, wherein the unique first node ID includes an Internet Protocol (IP) address for the first node, wherein the request is a Dynamic Host Configuration Protocol (DHCP) request, wherein the IP address is assigned and sent in response to the DHCP request and based on a media access control (MAC) address of the first node as specified in the DHCP request.
  - 6. The method of claim 2, wherein the received packet is routed to the second node in a manner that does not cause the received packet to be routed through a VPN customer edge device.
  - 7. The method of claim 2, wherein the received packet is routed to the second node in a manner that does not cause the received packet to be routed outside an access network that includes the first and second nodes.
  - 8. The method of claim 2, wherein the unique first node ID includes an ID of the first node that is specific to a network on which the first and second network nodes reside.
  - 9. The method of claim 2, wherein the unique first node ID includes a DOCSIS Service ID for the first node.
  - 10. The method of claim 2, wherein the unique first node ID IDs includes a MAC address of the first node.
  - 11. The method of claim 2, wherein the unique first node ID includes an IP address associated with the first node.
  - 12. The method of claim 2, wherein the first VPN uses a Multiprotocol Label Switching Protocol (MPLS).
  - 24. The method of claim 2, wherein each of the unique first node ID is associated with the first VPN so as to specify the first node as a member of the first VPN and wherein the received packet is only routed to the destination address if the destination address is also associated with the first VPN so as to specify a device at the destination address as a member of the first VPN.

13. An apparatus for routing packets from a first network node to a second network node in a data network, comprising:
- one or more processors;
  
  one or more memory, wherein at least one of the processors or memory are configured for;
  
  assigning and then sending a unique first node identifier (ID) to the first node, wherein the unique first node ID is assigned and sent in response to a request from the first node for an identity assignment, and wherein a first virtual private network (VPN) is provisioned by the apparatus for the unique first node ID and an association between the first VPN and the unique first node ID is maintained by the apparatus;
  
  receiving a packet from the first node, said packet including the unique first node ID and routing information for routing said packet to a destination address associated with said second node; and
  
  routing the received packet to the destination address based on the received routing information, the received unique first node ID and its association with the first VPN, and the destination address being associated with the first VPN.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25)
- - 14. The apparatus of claim 13, wherein the first node is a cable modem and the unique first node ID includes a DOCSIS Service ID (SID) and an Internet Protocol (IP) address for the first node, wherein the request is a Dynamic Host Configuration Protocol (DHCP) request, wherein the IP address is assigned and sent in response to the DHCP request and based on a media access control (MAC) address of the first node as specified in the DHCP request.
  - 15. The apparatus of claim 14, wherein the apparatus is in the form of a cable modem termination system (CMTS) and the assigning and then sending of the IP address to the first node comprises:
    - forwarding the DHCP request from the CMTS to a DHCP server;
      
      receiving at the CMTS a DHCP response, including the IP address, from the DHCP server; and
      
      sending the DHCP response, including the IP address, from the CMTS to the first node,wherein the SID is assigned and sent by the CMTS during a ranging process between the first node and the CMTS.
  - 16. The apparatus of claim 13, wherein the unique first node ID includes an Internet Protocol (IP) address for the first node, wherein the request is a Dynamic Host Configuration Protocol (DHCP) request, wherein the IP address is assigned and sent in response to the DHCP request and based on a media access control (MAC) address of the first node as specified in the DHCP request.
  - 17. The apparatus of claim 13, wherein the received packet is routed to the second node in a manner that does not cause the received packet to be routed through a VPN customer edge device.
  - 18. The apparatus of claim 13, wherein the received packet is routed to the second node in a manner that does not cause the received packet to be routed outside an access network that includes the first and second nodes.
  - 19. The apparatus of claim 13, wherein the unique first node ID includes an ID of the first node that is specific to a network on which the first and second network nodes reside.
  - 20. The apparatus of claim 13, wherein the unique first node ID includes a DOCSIS Service ID for the first node.
  - 21. The apparatus of claim 13, wherein the unique first node ID includes a MAC address of the first node.
  - 22. The apparatus of claim 13, wherein the unique first node ID includes an IP address associated with the first node.
  - 23. The apparatus of claim 13, wherein the first VPN uses a Multiprotocol Label Switching Protocol (MPLS).
  - 25. The apparatus of claim 13, wherein each of the unique first node ID is associated with the first VPN so as to specify the first node as a member of the first VPN and wherein the received packet is only routed to the destination address if the destination address is also associated with the first VPN so as to specify a device at the destination address as a member of the first VPN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Litwack, Mark W., Daruwalla, Feisal Y., Forster, James R.
Primary Examiner(s)
Ngo; Ricky
Assistant Examiner(s)
SAMUEL, DEWANDA A

Application Number

US10/758,434
Time in Patent Office

2,729 Days
Field of Search

370/389, 370/235, 370/465, 370/395.5, 370/392, 370/395, 370/397, 370/409
US Class Current

370/235
CPC Class Codes

H04L 12/2801   Broadband local area networks

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/00   Routing or path finding of ...

H04L 45/50   using label swapping, e.g. ...

H04L 63/0272   Virtual private networks

Technique and apparatus for using node ID as virtual private network (VPN) identifiers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Technique and apparatus for using node ID as virtual private network (VPN) identifiers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links