Externally controlled reachability in virtual private networks

US 20080065783A1
Filed: 10/31/2007
Published: 03/13/2008
Est. Priority Date: 07/03/2003
Status: Active Grant

First Claim

Patent Images

1. An arrangement comprising a network adapted to allow customer edge (CE) devices to connect to the network via edge routers of the network (11-15) that are coupled to elements (18) which assign at least some of said devices to specified VPNs and which normally operate to prohibit interconnection of customer edge devices that do not share a commonly assigned VPN, characterized by:

a controller (110-200) that detects an identified application that is executed in a CE of said CEs and which calls for communication with another CE of said CEs, and (2) authorizes such communication when said identified application is included in a set of one or more allowed applications even when said CE and said another CE do not share a commonly assigned VPN, by directing one or more of said elements to modify themselves to enable establishing a connection between said CE and said another CE.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network that supports VPNs is enhanced to allow users in one VPN to communicate with users in another VPN in the course of executing a predefined application, such as VoIP. This capability is achieved dynamically by enabling a device that can communicate with the network elements that operate to normally prohibit inter-VPN communication to direct those network elements to enable such communication, at least for the purposes the purposes of specific applications.

20 Citations

View as Search Results

13 Claims

1. An arrangement comprising a network adapted to allow customer edge (CE) devices to connect to the network via edge routers of the network (11-15) that are coupled to elements (18) which assign at least some of said devices to specified VPNs and which normally operate to prohibit interconnection of customer edge devices that do not share a commonly assigned VPN, characterized by:
- a controller (110-200) that detects an identified application that is executed in a CE of said CEs and which calls for communication with another CE of said CEs, and (2) authorizes such communication when said identified application is included in a set of one or more allowed applications even when said CE and said another CE do not share a commonly assigned VPN, by directing one or more of said elements to modify themselves to enable establishing a connection between said CE and said another CE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The arrangement of claim 1 where each of said elements is a VPN routing and forwarding table.
  - 3. The arrangement of claim 2 where said routing table is within an associated one of said edge routers.
  - 4. The arrangement of claim 1 where said network is an MPLS network.
  - 5. The arrangement of claim 4 where said where each of said elements is a VPN routing and forwarding table within an associated one of said edge routers, and said controller directs an edge router of said edge routers though which said device is connected to said network to modify its routing and forwarding table, and directs an edge router of said edge routers though which said another device is connected to said network to modify its routing and forwarding table.
  - 6. The arrangement of claim 1 where said identified application is voice over IP and voice over IP is one of said allowed applications.
  - 7. The arrangement of claim 1 where said identified application is video over IP and video over IP is one of said allowed applications.
  - 8. The arrangement of claim 1 where said controller comprises a route server and a call control element.
  - 9. The method of claim 1 where said controller directs said elements to install a modification whose effect is to allow communication between said device and said another device and directs said elements to remove said modification at a later time and to thereby reinstate said prohibition.
  - 10. The method of claim 9 where said application is voice over Internet or video over Internet.
  - 11. The method of claim 10 where said directing said elements to remove said modification occurs substantially contemporaneously with termination of said voice over Internet or video over Internet communication.
  - 12. The method of claim 9 where said directing of said elements to install said modification comprises installing a first entry in a table of an element that is charged with blocking traffic so that no traffic is carried from said device to said another device that is assigned to a VPN to which said device is not assigned, which entry nullifies said blocking relative to said another device.
  - 13. The method of claim 12 where said first entry includes a criterion that nullifies said blocking only relative to traffic pertaining to said application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Inventors
Iloglu, Ali, Nguyen, Han

Granted Patent

US 9,288,187 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/242
CPC Class Codes

H04L 63/0272 Virtual private networks

Externally controlled reachability in virtual private networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Externally controlled reachability in virtual private networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links