Method and system for transporting service flow securely in an IP network
First Claim
1. A method for transporting a service flow securely in an Internet Protocol, IP, network, comprising the following steps:
upon receiving a service call request sent by a calling user, a service server determining bandwidth that the service call needs through negotiation with the calling user and a called user, and analyzing the service call to determine a quality of service (QoS) level and a security level;
the service server sending a first request to a resource manager, requesting to build a service flow path for a call between the calling user and the called user, wherein the first request comprises bandwidth that the service call needs, location information of the calling user and the called user, information of level of QoS and security level;
the resource manager receiving the first request, determining whether the network has enough resources for the service flow path by comparing a current resource status of the network with the information in the first request, if the network has not enough resources for the service flow path, rejecting the first request, and if the network has enough resources for the service flow path, establishing a Label Switching Path (LSP) between a first Provider Edge Router (PE) that serves the calling user and a second PE that serves the called user;
the resource manager sending a configuration request message to the first PE and the second PE respectively according to the LSP;
each of the first PE and the second PE building an item in respective flow classification tables according to the configuration request message, wherein the item comprises correspondence between information of a service flow of the call and an identity of the LSP, the information of the service flow of the call comprises protocol, source address, local port number, remote address, and remote port number; and
each of the first PE and the second PE receiving a service flow, determining whether the service flow matches information contained in one of the items listed in the flow classification tables, forwarding the service flow to an LSP corresponding to the service flow when the service flow matches information contained in one of the items listed in the flow classification tables, and forwarding the service flow in a connectionless manner when the service flow does not match information contained in any one of the items listed in the flow classification tables.
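An added illustration of the admission check and flow classification steps of claim 1 (not part of the patent text): a minimal Python model in which the resource manager either rejects the first request or installs one item per PE, and each PE forwards on the LSP only on an exact five-field match. The bandwidth counter, the LSP numbering, the mirrored key on the second PE and the sample addresses are assumptions; the QoS and security levels are left out because the claim does not say how they are used.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class FlowKey(NamedTuple):
    """The five fields the claim lists for a flow classification item."""
    protocol: str
    source_addr: str
    local_port: int
    remote_addr: str
    remote_port: int

def mirror(k: FlowKey) -> FlowKey:
    # Assumption: the far-end PE keys the same call from its own user's side.
    return FlowKey(k.protocol, k.remote_addr, k.remote_port, k.source_addr, k.local_port)

@dataclass
class ProviderEdge:
    name: str
    table: dict = field(default_factory=dict)  # FlowKey -> LSP identity

    def configure(self, key: FlowKey, lsp_id: int) -> None:
        self.table[key] = lsp_id  # item built from the configuration request

    def forward(self, key: FlowKey) -> tuple:
        lsp_id = self.table.get(key)  # exact match on all five fields
        if lsp_id is None:
            return ("connectionless", None)  # no item: ordinary IP forwarding
        return ("lsp", lsp_id)

@dataclass
class ResourceManager:
    free_kbps: int          # constructed stand-in for "current resource status"
    next_lsp_id: int = 100  # constructed LSP identity counter

    def first_request(self, kbps: int, pe1: ProviderEdge, pe2: ProviderEdge,
                      key: FlowKey) -> Optional[int]:
        if kbps > self.free_kbps:
            return None  # rejected: no LSP and no table item on either PE
        self.free_kbps -= kbps
        lsp_id, self.next_lsp_id = self.next_lsp_id, self.next_lsp_id + 1
        pe1.configure(key, lsp_id)
        pe2.configure(mirror(key), lsp_id)
        return lsp_id

# Constructed sample call (documentation address ranges).
CALL = FlowKey("udp", "192.0.2.10", 5004, "198.51.100.20", 5006)
```

A packet that differs from the configured item in any one field falls through to connectionless forwarding, so only flows the resource manager admitted are carried on the LSP.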
Abstract
The present invention provides a method for transporting a service flow securely in an Internet Protocol (IP) network, which includes the following steps: a service server sends a first request to a resource manager, requesting to build a service flow path between a calling user and a called user in a logical bearing network; the resource manager chooses a service flow path between a first Provider Edge Router (PE) that the calling user belongs to and a second PE that the called user belongs to in the logical bearing network; the resource manager sends a configuration request message to the first and second PEs; the first and second PEs build flow classification table items including the service flow path according to the configuration request message, respectively, and forward only the service flow matching one of the flow classification table items to the corresponding service flow path in the logical bearing network.
12 Claims
1. A method for transporting a service flow securely in an Internet Protocol, IP, network, comprising the steps set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system for transporting a service flow securely in an Internet Protocol, IP, network, comprising:
a service server, a resource manager, a first Provider Edge Router (PE) and a second PE, wherein the service server is used for determining bandwidth that a service call needs through negotiation with a calling user and a called user upon receiving the service call request sent by the calling user, and analyzing the service call to determine a quality of service (QoS) level and a security level, sending a first request to the resource manager to build a service flow path for a call between a calling user and a called user, wherein the first request comprises bandwidth that the service call needs, location information of the calling user and the called user, information of level of QoS and security level;
the resource manager is used for receiving the first request from the service server, determining whether the network has enough resources for the service flow path by comparing a current resource status of the network with the information in the first request, if the network has not enough resources for the service flow path, rejecting the first request, if the network has enough resources for the service flow path, establishing a Label Switching Path (LSP) between the first PE that serves the calling user and the second PE that serves the called user, and sending a configuration request message to the first PE and the second PE respectively according to the LSP;
the first PE and the second PE are used for respectively building an item in respective flow classification tables according to the received configuration request message, and after receiving a service flow, determining whether the service flow matches information contained in one of the items listed in the flow classification tables, forwarding the service flow to an LSP corresponding to the service flow when the service flow matches information contained in one of the items listed in the flow classification tables, and forwarding the service flow in a connectionless manner when the service flow does not match information contained in any one of the items listed in the flow classification tables, wherein the item comprises correspondence between information of a service flow of the call and an identity of the LSP, the information of the service flow comprises protocol, source address, local port number, remote address, and remote port number.
Dependent claims: 11, 12.
Specification