Method and system for transporting service flow securely in an IP network

US 8,542,580 B2
Filed: 10/06/2006
Issued: 09/24/2013
Est. Priority Date: 06/18/2004
Status: Active Grant

First Claim

Patent Images

1. A method for transporting a service flow securely in an Internet Protocol, IP, network, comprising the following steps:

upon receiving a service call request sent by a calling user, a service server determining bandwidth that the service call needs through negotiation with the calling user and a called user, and analyzing the service call to determine a quality of service (QoS) level and a security level;

the service server sending a first request to a resource manager, requesting to build a service flow path for a call between the calling user and the called user, wherein the first request comprises bandwidth that the service call needs, location information of the calling user and the called user, information of level of QoS and security level;

the resource manager receiving the first request, determining whether the network has enough resources for the service flow path by comparing a current resource status of the network with the information in the first request, if the network has not enough resources for the service flow path, rejecting the first request, and if the network has enough resources for the service flow path, establishing a Label Switching Path (LSP) between a first Provider Edge Router (PE) that serves the calling user and a second PE that serves the called user;

the resource manager sending a configuration request message to the first PE and the second PE respectively according to the LSP;

each of the first PE and the second PE building an item in respective flow classification tables according to the configuration request message, wherein the item comprises correspondence between information of a service flow of the call and an identity of the LSP, the information of the service flow of the call comprises protocol, source address, local port number, remote address, and remote port number; and

each of the first PE and the second PE receiving a service flow, determining whether the service flow matches information contained in one of the items listed in the flow classification tables, forwarding the service flow to an LSP corresponding to the service flow when the service flow matches information contained in one of the items listed in the flow classification tables, and forwarding the service flow in a connectionless manner when the service flow does not match information contained in any one of the items listed in the flow classification tables.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method for transporting a service flow securely in an Internet Protocol (IP) network, which includes the following steps: a service server sends a first request to a resource manager, requesting to build a service flow path between a calling user and a called user in a logical bearing network; the resource manager chooses a service flow path between a first Provider Edge Router (PE) that the calling user belongs to and a second PE that the called user belongs to in the logical bearing network; the resource manage sends a configuration request message to the first and second PEs; the first and second PEs build flow classification table items including the service flow path according to the configuration request message, respectively, and forward only the service flow matching one of the flow classification table items to corresponding service flow path in the logical bearing network.

Citations

12 Claims

1. A method for transporting a service flow securely in an Internet Protocol, IP, network, comprising the following steps:
- upon receiving a service call request sent by a calling user, a service server determining bandwidth that the service call needs through negotiation with the calling user and a called user, and analyzing the service call to determine a quality of service (QoS) level and a security level;
  
  the service server sending a first request to a resource manager, requesting to build a service flow path for a call between the calling user and the called user, wherein the first request comprises bandwidth that the service call needs, location information of the calling user and the called user, information of level of QoS and security level;
  
  the resource manager receiving the first request, determining whether the network has enough resources for the service flow path by comparing a current resource status of the network with the information in the first request, if the network has not enough resources for the service flow path, rejecting the first request, and if the network has enough resources for the service flow path, establishing a Label Switching Path (LSP) between a first Provider Edge Router (PE) that serves the calling user and a second PE that serves the called user;
  
  the resource manager sending a configuration request message to the first PE and the second PE respectively according to the LSP;
  
  each of the first PE and the second PE building an item in respective flow classification tables according to the configuration request message, wherein the item comprises correspondence between information of a service flow of the call and an identity of the LSP, the information of the service flow of the call comprises protocol, source address, local port number, remote address, and remote port number; and
  
  each of the first PE and the second PE receiving a service flow, determining whether the service flow matches information contained in one of the items listed in the flow classification tables, forwarding the service flow to an LSP corresponding to the service flow when the service flow matches information contained in one of the items listed in the flow classification tables, and forwarding the service flow in a connectionless manner when the service flow does not match information contained in any one of the items listed in the flow classification tables.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the configuration request message sent by the resource manager to the first PE and the second PE comprises:
    - a parameter of the service flow, a parameter of a security level, a parameter of a QoS and routing information, which are used for the first PE and the second PE to build the flow classification tables according to the parameters and the routing information.
  - 3. The method according to claim 1, wherein the flow classification tables built by the first PE and the second PE comprises:
    - an attribute of an IP packet and an identity of a corresponding service flow path;
      
      the attribute of the IP packet comprises at least one of the following;
      
      a protocol, a source address, a local port number, a remote address, and a remote port number;
      
      the service flow matching information contained in one of items listed in the flow classification tables is the service flow matching the attribute of the IP packet.
  - 4. The method according to claim 1, further comprising:
    - the service server sending a service ending notice to the resource manager when a service between the calling user and the called user is over;
      
      the resource manager updating a resource status of the network upon receiving the service ending notice, and sending a command instructing the first PE and the second PE to cancel the service flow in the flow classification tables.
  - 5. The method according to claim 1, wherein the service server is a soft-switching device.
  - 6. The method according to claim 1, wherein the service flow path is a label switching path.
  - 7. The method according to claim 1, wherein the step of the resource manager establishing a service flow path between a first PE and a second PE comprises:
    - choosing, by the resource manager, from a plurality of pre-established LSPs in an IP network, an LSP between the first PE and the second PE for the call.
  - 8. The method according to claim 7, wherein the step of choosing an LSP between a first PE and a second PE from the pre-established LSPs for the call comprises choosing an LSP which satisfies the demands in the first request from the pre-established LSPs.
  - 9. The method according to claim 8, further comprising:
    - before the step of sending the first request by the service server, upon receiving a service call request sent by the calling user, the service server determining the bandwidth that the service call needs through negotiation with the calling user and the called user; and
      
      analyzing the service call to determine the QoS level and the security level.

10. A system for transporting a service flow securely in an Internet Protocol, IP, network, comprising:
- a service server,a resource manager,a first Provider Edge Router (PE) and a second PE, whereinthe service server is used for determining bandwidth that a service call needs through negotiation with a calling user and a called user upon receiving the service call request sent by the calling user, and analyzing the service call to determine a quality of service (QoS) level and a security level, sending a first request to the resource manager to build a service flow path for a call between a calling user and a called user, wherein the first request comprises bandwidth that the service call needs, location information of the calling user and the called user, information of level of QoS and security level;
  
  the resource manager is used for receiving the first request from the service server, determining whether the network has enough resources for the service flow path by comparing a current resource status of the network with the information in the first request, if the network has not enough resources for the service flow path, rejecting the first request, if the network has enough resources for the service flow path, establishing a Label Switching Path (LSP) between the first PE that serves the calling user and the second PE that serves the called user, and sending a configuration request message to the first PE and the second PE respectively according to the LSP;
  
  the first PE and the second PE are used for respectively building an item in respective flow classification tables according to the received configuration request message, and after receiving a service flow, determining whether the service flow matches information contained in one of the items listed in the flow classification tables, forwarding the service flow to an LSP corresponding to the service flow when the service flow matches information contained in one of the items listed in the flow classification tables, and forwarding the service flow in a connectionless manner when the service flow does not match information contained in any one of the items listed in the flow classification tables, wherein the item comprises correspondence between information of a service flow of the call and an identity of the LSP, the information of the service flow comprises protocol, source address, local port number, remote address, and remote port number.
- View Dependent Claims (11, 12)
- - 11. The system according to claim 10, wherein the establishing a LSP between the first PE and the second PE comprises choosing from a plurality of pre-established LSPs in an IP network, an LSP between the first PE and the second PE for the call.
  - 12. The system according to claim 11, wherein the establishing a LSP between the first PE and the second PE comprises choosing from the plurality of pre-established LSPs an LSP between the first PE and the second PE which satisfies the demands in the first request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Li, Hejun
Primary Examiner(s)
RENNER, BRANDON M

Application Number

US11/543,790
Publication Number

US 20070086340A1
Time in Patent Office

2,545 Days
Field of Search

370/229, 370/230, 370/235, 370/236, 370/236.1, 370/237, 370241-255
US Class Current

370/230
CPC Class Codes

H04L 45/502   Frame based

H04L 47/2441   relying on flow classificat...

H04L 47/70   Admission control; Resource...

H04L 47/783   Distributed allocation of r...

H04L 47/801   Real time traffic

H04L 47/808   User-type aware

H04L 47/822   Collecting or measuring res...

H04L 47/825   Involving tunnels, e.g. MPLS

H04L 63/0428   wherein the data content is...

H04L 63/18   using different networks or...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 65/80   Responding to QoS

Method and system for transporting service flow securely in an IP network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for transporting service flow securely in an IP network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links