Externally controlled reachability in virtual private networks
First Claim
1. An arrangement comprising a network adapted to allow customer edge (CE) devices to connect to the network via edge routers of the network (11-15) that are coupled to elements (18) which assign at least some of said devices to specified VPNs and which normally operate to prohibit interconnection of customer edge devices that do not share a commonly assigned VPN, characterized by:
- a controller (110-200) that detects an identified application that is executed in a CE of said CEs and which calls for communication with another CE of said CEs, and (2) authorizes such communication when said identified application is included in a set of one or more allowed applications even when said CE and said another CE do not share a commonly assigned VPN, by directing one or more of said elements to modify themselves to enable establishing a connection between said CE and said another CE.
3 Assignments
0 Petitions
Accused Products
Abstract
A network that supports VPNs is enhanced to allow users in one VPN to communicate with users in another VPN in the course of executing a predefined application, such as VoIP. This capability is achieved dynamically by enabling a device that can communicate with the network elements that operate to normally prohibit inter-VPN communication to direct those network elements to enable such communication, at least for the purposes the purposes of specific applications.
20 Citations
13 Claims
-
1. An arrangement comprising a network adapted to allow customer edge (CE) devices to connect to the network via edge routers of the network (11-15) that are coupled to elements (18) which assign at least some of said devices to specified VPNs and which normally operate to prohibit interconnection of customer edge devices that do not share a commonly assigned VPN, characterized by:
a controller (110-200) that detects an identified application that is executed in a CE of said CEs and which calls for communication with another CE of said CEs, and (2) authorizes such communication when said identified application is included in a set of one or more allowed applications even when said CE and said another CE do not share a commonly assigned VPN, by directing one or more of said elements to modify themselves to enable establishing a connection between said CE and said another CE. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
Specification