Methods and systems for dynamically updating a routing table in a virtual private network

US 7,987,506 B1
Filed: 11/03/2006
Issued: 07/26/2011
Est. Priority Date: 11/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a tunnel between a plurality of peers that are configured to couple to a virtual private network, the tunnel having one or more security associations to enable secure communications between the plurality of peers through the tunnel;

while the tunnel is established, identifying a change in the virtual private network, and related network information;

creating a notification update message, wherein the notification update message comprises (i) based on the identified change, a type of change to be made to a routing table of a concentrator configured to couple to the virtual private network and (ii) the related network information;

sending the notification update message to the concentrator without creating a new tunnel at the time of sending, wherein the concentrator updates the routing table according to the notification update message; and

maintaining the one or more security associations and the tunnel during the updating of the routing table;

wherein the update message is sent through the tunnel between the plurality of peers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for dynamically updating a routing table in a virtual private network including a concentrator with a routing table and one or more security associations is provided. A change is identified in the virtual private network, and related network information is also identified. A notification update message is created, including (i) a type of change to be made to the routing table based on to the identified change and (ii) the related network information. The notification update message is sent to the concentrator, which updates the routing table according to the notification update message. During the updating of the routing table of the concentrator, current security associations of the virtual private network tunnel are maintained.

49 Citations

View as Search Results

14 Claims

1. A method comprising:
- establishing a tunnel between a plurality of peers that are configured to couple to a virtual private network, the tunnel having one or more security associations to enable secure communications between the plurality of peers through the tunnel;
  
  while the tunnel is established, identifying a change in the virtual private network, and related network information;
  
  creating a notification update message, wherein the notification update message comprises (i) based on the identified change, a type of change to be made to a routing table of a concentrator configured to couple to the virtual private network and (ii) the related network information;
  
  sending the notification update message to the concentrator without creating a new tunnel at the time of sending, wherein the concentrator updates the routing table according to the notification update message; and
  
  maintaining the one or more security associations and the tunnel during the updating of the routing table;
  
  wherein the update message is sent through the tunnel between the plurality of peers.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein identifying comprises:
    - identifying at least one unavailable network link within the virtual private network and the network address of the at least one unavailable network link; and
      
      wherein creating comprises;
      
      creating a notification update message, wherein the type of change comprises a delete attribute and the related network information comprises the network address of the at least one unavailable network link.
  - 3. The method of claim 2 wherein creating comprises:
    - encoding the network address of the at least one unavailable network link in the delete attribute of the notification update message.
  - 4. The method of claim 1 wherein identifying comprises:
    - identifying at least one newly available network link within the virtual private network and the network address of the at least one newly available network link;
      
      and wherein creating comprises;
      
      creating a notification update message, wherein the type of change comprises an add attribute and the related network information comprises the network address of the at least one newly available network link.
  - 5. The method of claim 4 wherein creating comprises:
    - creating a notification update message, wherein the type of change comprises an add attribute, wherein the add attribute encodes an admin-distance value to set preferences for alternative routes.
  - 6. The method of claim 4 wherein creating comprises:
    - encoding the network address of the at least one newly available network link in the add attribute of the notification update message.

7. A non-transitory computer-readable medium storing instructions, which, when executed by one or more processors, cause one or more computing devices to perform operations comprising:
- establishing a tunnel between a plurality of peers that are configured to couple to a virtual private network, the tunnel having one or more security associations to enable secure communications between the plurality of peers through the tunnel;
  
  identifying a change in the virtual private network, and related network information while the tunnel is established;
  
  creating a notification update message, wherein the notification update message comprises (i) based on the identified change, a type of change to be made to a routing table of a concentrator configured to couple to the virtual private network and (ii) the related network information;
  
  sending the notification update message to the concentrator without creating a new tunnel at the time of sending, wherein the concentrator updates the routing table according to the notification update message;
  
  wherein the update message is sent through the tunnel between the plurality of peers; and
  
  maintaining the one or more security associations and the tunnel during the updating of the routing table.
- View Dependent Claims (8, 9, 10)
- - 8. The non-transitory computer-readable medium of claim 7 wherein the instructions for identifying cause the one or more computing devices to perform operations comprising:
    - identifying at least one unavailable network link within the virtual private network and the network address of the at least one unavailable network link;
      
      and wherein the instructions for creating cause the one or more computing devices to perform operations comprising;
      
      creating a notification update message, wherein the type of change comprises a delete attribute and the related network information comprises the network address of the at least one unavailable network link.
  - 9. The non-transitory computer-readable medium of claim 7 wherein the instructions for identifying comprises:
    - identifying at least one newly available network link within the virtual private network and the network address of the at least one newly available network link;
      
      and wherein the instructions for creating cause the one or more computing devices to perform operations comprising;
      
      creating a notification update message, wherein the type of change comprises an add attribute and the related network information comprises the network address of the at least one newly available network link.
  - 10. The non-transitory computer-readable medium of claim 9 wherein the instructions for creating cause the one or more computing devices to perform operations comprising:
    - creating a notification update message, wherein the type of change comprises an add attribute, wherein the add attribute encodes an admin-distance value to set preferences for alternative routes.

11. A computer system configured as a client comprising:
- a memory;
  
  a processor;
  
  an interconnection mechanism coupling the memory and the processor allowing communication there between;
  
  wherein the memory is encoded with an update application, that when executed in the processor, provides an update process that dynamically updates a routing table in a concentrator configured to couple to a virtual private network, by causing the computer system to perform the operations of;
  
  establishing a tunnel between a plurality of peers that are configured to couple to a virtual private network, the tunnel having one or more security associations to enable secure communications between the plurality of peers through the tunnel;
  
  while the tunnel is established, identifying a change in the virtual private network, and related network information;
  
  creating a notification update message, wherein the notification update message comprises (i) a type of change to be made to the routing table based on the identified change and (ii) the related network information;
  
  sending the notification update message to the concentrator without creating a new tunnel at the time of sending, wherein the concentrator updates the routing table according to the notification update message; and
  
  maintaining the one or more security associations and the tunnel during the updating of the routing table;
  
  wherein the update message is sent through the tunnel between the plurality of peers.
- View Dependent Claims (12, 13, 14)
- - 12. The computer system of claim 11 wherein identifying comprises:
    - identifying at least one unavailable network link within the virtual private network and the network address of the at least one unavailable network link; and
      
      wherein creating comprises;
      
      creating a notification update message, wherein the type of change comprises a delete attribute and the related network information comprises the network address of the at least one unavailable network link.
  - 13. The computer system of claim 11 wherein identifying comprises:
    - identifying at least one newly available network link within the virtual private network and the network address of the at least one newly available network link; and
      
      wherein creating comprises;
      
      creating a notification update message, wherein the type of change comprises an add attribute and the related network information comprises the network address of the at least one newly available network link.
  - 14. The computer system of claim 13 wherein creating comprises:
    - creating a notification update message, wherein the type of change comprises an add attribute, wherein the add attribute encodes an admin-distance value to set preferences for alternative routes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Patil, Shashidhar P., Khalid, Mohamed, Akhter, Aamer, Asati, Rajiv
Primary Examiner(s)
Hoffman; Brandon S

Application Number

US11/592,505
Time in Patent Office

1,726 Days
Field of Search

709/203, 709/230, 709/223, 709/224, 709/226, 709/229, 709/249, 370/328, 370/329, 370/356, 370/401, 370/310
US Class Current

726/15
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/02   Topology update or discovery

H04L 63/0272   Virtual private networks

Methods and systems for dynamically updating a routing table in a virtual private network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for dynamically updating a routing table in a virtual private network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links