Method and apparatus for managing a virtual private network

US 6,079,020 A
Filed: 01/27/1998
Issued: 06/20/2000
Est. Priority Date: 01/27/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for managing virtual private networks operating over a public data network, the public data network including a plurality of virtual private network gateways so that communications across virtual private networks are channeled through the virtual private network gateways, the method comprising:

receiving a command specifying an operation on a virtual private network;

wherein the command specifies the operation in terms of at least one higher-level object without specifying network addresses;

determining which virtual private network gateways are affected by the command;

translating automatically the command into configuration parameters for virtual private network gateways affected by the command, the configuration parameters specifying how the virtual private network gateways handle communications between specific groups of addresses on the public data network;

wherein translating the command involves retrieving network addresses associated with the at least one higher-level object;

wherein the configuration parameters specify lower-level network addresses; and

transmitting the configuration parameters to the virtual private network gateways affected by the command.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and an apparatus for managing a virtual private network operating over a public data network. This public data network has been augmented to include a plurality of virtual private network gateways so that communications across the virtual private network are channeled through the virtual private network gateways. One embodiment of the present invention includes a system that operates by receiving a command specifying an operation on the virtual private network. The system determines which virtual private network gateways are affected by the command. The system then automatically translates the command into configuration parameters for virtual private network gateways affected by the command. These configuration parameters specifying how the virtual private network gateways handle communications between specific groups of addresses on the public data network. The system then transmits the configuration parameters to the virtual private network gateways affected by the command, so that the virtual private network gateways are configured to implement the command.

494 Citations

22 Claims

1. A method for managing virtual private networks operating over a public data network, the public data network including a plurality of virtual private network gateways so that communications across virtual private networks are channeled through the virtual private network gateways, the method comprising:
- receiving a command specifying an operation on a virtual private network;
  
  wherein the command specifies the operation in terms of at least one higher-level object without specifying network addresses;
  
  determining which virtual private network gateways are affected by the command;
  
  translating automatically the command into configuration parameters for virtual private network gateways affected by the command, the configuration parameters specifying how the virtual private network gateways handle communications between specific groups of addresses on the public data network;
  
  wherein translating the command involves retrieving network addresses associated with the at least one higher-level object;
  
  wherein the configuration parameters specify lower-level network addresses; and
  
  transmitting the configuration parameters to the virtual private network gateways affected by the command.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising the steps of:
    - receiving the configuration parameters at a virtual private network gateway;
      
      receiving, at the virtual private network gateway, a communication between nodes in the public data network;
      
      using the configuration parameters to determine whether the source and destination addresses of the communication belong to the same virtual private network; and
      
      if the source and destination addresses belong to the same virtual private network, ensuring that the communication is transmitted securely over the public data network.
  - 3. The method of claim 1, wherein receiving the command specifying the operation on the virtual private network includes receiving the command at a virtual private network management station coupled to the public data network.
  - 4. The method of claim 1, wherein receiving the command includes receiving a command to create a virtual private network.
  - 5. The method of claim 1, wherein receiving the command includes receiving a command to modify a virtual private network.
  - 6. The method of claim 1, wherein receiving the command includes receiving a command to delete a virtual private network.
  - 7. The method of claim 1, wherein translating the command into configuration parameters includes translating the command into configuration parameters specifying Internet protocol (IP) addresses.
  - 8. The method of claim 1, wherein translating the command into configuration parameters includes translating the command into configuration parameters that specify groups of addresses between which communications are to be transmitted securely.
  - 9. The method of claim 1, wherein translating the command into configuration parameters includes:
    - aggregating address specifiers for groups of nodes involved in the command; and
      
      creating configuration parameters by determining for each virtual private network gateway affected by the command which address specifiers specify local addresses on the local network coupled to the virtual private network gateway, and which address specifiers specify non-local addresses.
  - 10. The method of claim 1, wherein transmitting the configuration parameters to the virtual private network gateways affected by the command includes transmitting configuration parameters securely over the public data network.
  - 11. The method of claim 1, further comprising the step of updating a database to reflect changes on the virtual private network caused by the operation specified in the command.
  - 12. The method of claim 1, wherein translating the command includes translating the command into configuration parameters specifying how the virtual private network gateways handle communications between specific groups of addresses, wherein at least one of the specific groups of addresses include an address of a remote client coupled to the public data network through an internet service provider (ISP).

13. A method for managing virtual private networks operating over a public data network, the public data network including a plurality of virtual private network gateways so that communications across virtual private networks are channeled through the virtual private network gateways, the method comprising:
- receiving, at a virtual private network management station coupled to the public data network, a command specifying an operation on a virtual private network;
  
  wherein the command specifies the operation in terms of at least one higher-level object without specifying network addresses;
  
  determining which virtual private network gateways are affected by the command;
  
  translating automatically the command into configuration parameters for virtual private network gateways affected by the command, the configuration parameters specifying groups of addresses on the public data network between which communications are to be transmitted securely;
  
  wherein translating the command involves retrieving network addresses associated with the at least one higher-level object;
  
  wherein the configuration parameters specify lower-level network addresses;
  
  transmitting the configuration parameters securely to the virtual private network gateways affected by the command; and
  
  updating a database to reflect changes on the virtual private network caused by the operation specified in the command.

14. A program storage device storing instructions that when executed by a computer perform a method for managing virtual private networks operating over a public data network, the public data network including a plurality of virtual private network gateways so that communications across virtual private networks are channeled through the virtual private network gateways, the method comprising:
- receiving a command specifying an operation on a virtual private network;
  
  wherein the command specifies the operation in terms of at least one higher-level object without specifying network addresses;
  
  determining which virtual private network gateways are affected by the command;
  
  translating automatically the command into configuration parameters for virtual private network gateways affected by the command, the configuration parameters specifying how the virtual private network gateways handle communications between specific groups of addresses on the public data network;
  
  wherein translating the command involves retrieving network addresses associated with the at least one higher-level object;
  
  wherein the configuration parameters specify lower-level network addresses; and
  
  transmitting the configuration parameters to the virtual private network gateways affected by the command.

15. An apparatus for managing virtual private networks operating over a public data network, the public data network including a plurality of virtual private network gateways so that communications across virtual private networks are channeled through the virtual private network gateways, the apparatus comprising:
- a computer system coupled to the public data network;
  
  a user interface within the computer system for receiving a command from a user;
  
  wherein the command specifies the operation in terms of at least one higher-level object without specifying network addresses;
  
  a command handler in communication with the user interface for handling the command received by the user interface;
  
  a translation module in communication with the command handler for translating the command into configuration parameters for virtual private network gateways affected by the command, the configuration parameters specifying how the virtual private network gateways handle communications between specific groups of addresses on the public data network;
  
  wherein translating the command involves retrieving network addresses associated with the at least one higher-level object;
  
  wherein the configuration parameters specify lower-level network addresses; and
  
  a communication module in communication with the translation module for communicating the configuration parameters to virtual private network gateways.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The apparatus of claim 15, including a database in communication with the command handler for storing the state of virtual private networks managed by the apparatus.
  - 17. The apparatus of claim 15, wherein the command includes a command to create a virtual private network.
  - 18. The apparatus of claim 15, wherein the command includes a command to modify a virtual private network.
  - 19. The apparatus of claim 15, wherein the command includes a command to delete a virtual private network.
  - 20. The apparatus of claim 15, wherein the configuration parameters specify groups of addresses between which communications are to be transmitted securely.
  - 21. The apparatus of claim 15, wherein the communication module includes resources to transmit the configuration parameters securely over the public data network.
  - 22. The apparatus of claim 15, wherein the specific groups of addresses include an address of a remote client coupled to the public data network through an internet service provider (ISP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
VPNet Technologies, Inc. (Avaya Incorporated)
Inventors
Liu, Quentin C.
Primary Examiner(s)
Sheikh, Ayaz R.
Assistant Examiner(s)
PANCHOLI, JIGAR K

Application Number

US09/013,743
Time in Patent Office

875 Days
Field of Search

713/200, 713/201, 709/220-226
US Class Current

726/15
CPC Class Codes

H04L 41/22   comprising specially adapte...

H04L 41/40   using virtualisation of net...

H04Q 3/0029   Provisions for intelligent ...

Method and apparatus for managing a virtual private network

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

494 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing a virtual private network

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

494 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links