Method and system for routing traffic across multiple interfaces via VPN traffic selectors and local policies

US 8,638,794 B1
Filed: 04/15/2010
Issued: 01/28/2014
Est. Priority Date: 04/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method of routing data traffic of a mobile device, serviced by an operator, across multiple network interfaces, comprising the steps of:

obtaining a packet data unit (PDU), generated in association with an application that can be selectively activated on the mobile device and carrying a destination Internet protocol (IP) address representing a server supporting the application;

identifying, by a broker associated with the mobile device, the destination IP address from the obtained PDU;

retrieving information relating to one or more traffic selectors after identifying the destination IP address from the obtained PDU;

determining whether the obtained PDU is associated with an operator application or a non-operator application based on the destination IP address and the information relating to the one or more traffic selectors;

routing, by the broker, the PDU to one of the multiple network interfaces based on the determination of whether the obtained PDU is associated with an operator application or a non-operator application,wherein, a PDU associated with an operator application is routed via a virtual private network (VPN) when the mobile device can-not be connected to an operator network of the mobile device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and system for routing traffic across multiple network interfaces with use of VPN traffic selector as part of decision making, for example, in the context of a mobile communication network. A packet data unit (PDU) is generated in association with an application that can be selectively activated on a mobile device and carries a destination Internet protocol (IP) address representing a server that supports the application. A broker associated with the mobile device retrieves information relating to traffic selectors and determines whether the PDU is associated with an operator application or a non-operator application based on the destination IP address and the information relating to traffic selectors. The broker routes the PDU to one of the multiple network interfaces based on whether the PDU is from an operator application traffic and local policies. When the PDU is associated with an operator application and the mobile device is not connected to its operator network, the PDU is routed via a virtual private network (VPN) selector.

23 Citations

View as Search Results

24 Claims

1. A method of routing data traffic of a mobile device, serviced by an operator, across multiple network interfaces, comprising the steps of:
- obtaining a packet data unit (PDU), generated in association with an application that can be selectively activated on the mobile device and carrying a destination Internet protocol (IP) address representing a server supporting the application;
  
  identifying, by a broker associated with the mobile device, the destination IP address from the obtained PDU;
  
  retrieving information relating to one or more traffic selectors after identifying the destination IP address from the obtained PDU;
  
  determining whether the obtained PDU is associated with an operator application or a non-operator application based on the destination IP address and the information relating to the one or more traffic selectors;
  
  routing, by the broker, the PDU to one of the multiple network interfaces based on the determination of whether the obtained PDU is associated with an operator application or a non-operator application,wherein, a PDU associated with an operator application is routed via a virtual private network (VPN) when the mobile device can-not be connected to an operator network of the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the traffic selectors are represented as ranges of IP addresses corresponding to applications supported by the operator.
  - 3. The method of claim 2, wherein the ranges of IP addresses are dynamically updated on the mobile device and stored in the mobile device during exchange of traffic selectors at VPN setup.
  - 4. The method of claim 2, wherein the step of determining comprises the steps of:
    - comparing the destination IP address with the ranges of IP addresses;
      
      deciding that the PDU relates to an operator application if the destination IP address is within one of the ranges of IP addresses; and
      
      deciding that the PDU relates to a non-operator application if the destination IP address is not within any of the ranges of IP addresses.
  - 5. The method of claim 1, wherein the step of routing the PDU comprises the steps of:
    - routing the PDU associated with an operator application to an operator application server residing within the operator network; and
      
      routing a PDU associated with a non-operator application traffic based on a determination whether the destination IP address is public or private.
  - 6. The method of claim 1, wherein the step of routing the PDU associated with an operator application comprises the steps of:
    - checking whether the mobile device is currently connected to the operator network;
      
      routing the PDU to the operator network if the mobile device is currently connected to the operator network; and
      
      identifying an alternative viable means to route the PDU based on one or more policies if the mobile device is currently not connected to the operator network.
  - 7. The method of claim 6, wherein the step of identifying an alternative viable means to route the PDU comprises the steps of:
    - checking whether the mobile device is currently associated with a non-operator network;
      
      if the mobile device is currently not associated with a non-operator network and an non-operator network is available, establishing an association between the mobile device and the available non-operator network, whether or not the operator network is available;
      
      if an association between the mobile device and a non-operator network either exists or can be successfully established, routing the PDU through the non-operator network via the VPN;
      
      if an association between the mobile device and a non-operator network does not exists and can-not be successfully established but the operator network is currently available, establishing a connection between the mobile device and the operator network;
      
      if an association between the mobile device and a non-operator network does not exist and can-not be established and a connection between the mobile device and the operator network is successfully established, routing the PDU via the operator network; and
      
      if neither a connection between the mobile device and the operator network nor an association between the mobile device and an non-operator network exists and can be established, discarding the PDU.
  - 8. The method of claim 6, wherein the step of identifying a viable means to route the PDU based on policies comprises the steps of:
    - checking whether the operator network is available to make a connection with the mobile device;
      
      if the operator network is available, establishing a connection between the mobile device and the operator network;
      
      routing the PDU to the operator application server via the operator network if the mobile device is successfully connected to the operator network, whether or not an association between the mobile device and a non-operator network exists;
      
      if the connection between the mobile device and the operator network does not exists and can not be established, the mobile device is currently not associated with a non-operator network but a non-operator network is available, establishing an association between the mobile device and the non-operator network;
      
      if a connection between the mobile device and the operator network does not exists and can-not be established and the association between the mobile device and a non-operator network exists or can be successfully established, routing the PDU through the non-operator network via the VPN; and
      
      if neither an association between the mobile device and a non-operator network nor a connection between the mobile device and the operator network exists and can be established, discarding the PDU.
  - 9. The method of claim 7, wherein the step of routing the PDU via the VPN traffic selector comprises the steps of:
    - checking whether the mobile device is currently associated with the VPN;
      
      establishing an association between the mobile device and the VPN if the mobile device is currently not associated with the VPN; and
      
      routing the PDU to an operator application server hosting the application via the VPN.
  - 10. The method of claim 8, wherein the step of routing the PDU via the VPN comprises the steps of:
    - checking whether the mobile device is currently associated with the VPN;
      
      establishing an association between the mobile device and the VPN if the mobile device is currently not associated with the VPN; and
      
      routing the PDU to an operator application server hosting the application via the VPN traffic selector.
  - 11. The method of claim 5, wherein the step of routing the PDU of a non-operator application traffic comprises the steps of:
    - determining whether the destination IP address is a public or private IP address;
      
      routing the PDU via either a non-operator network or the operator network if the destination IP address is a public IP address; and
      
      routing the PDU via a non-operator network if the destination IP address is a private IP address.
  - 12. The method of claim 11, wherein the step of routing the PDU that has a public IP address comprises the steps of:
    - checking whether the mobile device is currently associated with a non-operator network;
      
      if the mobile device is currently not associated with a non-operator network and a non-operator network is available, establishing an association between the mobile device and a non-operator network;
      
      if an association between the mobile device and a non-operator network either exists or can be successfully established, routing the PDU via the non-operator network, whether or not a connection between the mobile device and the operator network exists;
      
      if the association between the mobile device and a non-operator network does not exist and can-not be successful established and the operator network is available, establishing a connection between the mobile device and the operator network;
      
      if no association between the mobile device and a non-operator network exists and can be made and a connection between the mobile device and the operator network either exists or can be successfully established, routing the PDU via the operator network; and
      
      if neither an association between the mobile device and a non-operator network nor a connection between the mobile device and the operator network exists and can be established, discarding the PDU.
  - 13. The method of claim 11, wherein the step of routing the PDU that has a public IP address comprises the steps of:
    - checking whether the mobile device is currently connected to the operator network;
      
      if the operator network is currently not connected to the mobile device but is available, establishing a connection between the mobile device and the operator network;
      
      if the mobile device is either already connected to the operator network or a connection between the mobile device and the operator network is successfully made, routing the PDU via the operator network, whether or not an association exists between the mobile device and a non-operator network;
      
      if the mobile device is not and can-not be successfully connected to the operator network and is currently not associated with a non-operator network but a non-operator network is available, establishing an association between the mobile device and the available non-operator network;
      
      if no connection between the mobile device and the operator network exists and can be established and an association between the mobile device and a non-operator network either exists or can be successfully established, routing the PDU via the non-operator network to the application; and
      
      if neither a connection between the mobile device and the operator network nor an association between the mobile device and a non-operator network exists and can be established, discarding the PDU.
  - 14. The method of claim 11, wherein the step of routing the PDU that has a private IP address comprises the steps of:
    - checking whether the mobile device is currently associated with a non-operator network;
      
      establishing an association between the mobile device and a non-operator network if the mobile device is currently not associated with a non-operator network and a non-operator network is available;
      
      if an association between the mobile device and a non-operator network either exists or can be successfully established, routing the PDU via the associated non-operator network to the application; and
      
      if an association between the mobile device and a non-operator network does not exist and can-not be established, discarding the PDU, whether or not the mobile device is connected to the operator network.

15. An apparatus comprising:
- a storage configured for storing information related to one or more traffic selectors based on which a routing decision is made; and
  
  a broker configured for receiving a packet data unit (PDU), generated in association with an application that can be selectively activated on a mobile device, serviced by an operator, and having a destination Internet protocol (IP) address representing a server supporting the application, and routing the PDU across multiple network interfaces,wherein the broker routes the PDU to one of the multiple network interfaces based on whether the PDU is associated with an operator application or a non-operator application, anda PDU associated with an operator application is routed via a virtual private network (VPN) when the mobile device can-not be connected to an operator network of the mobile device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The apparatus of claim 15, wherein the broker comprises:
    - a PDU analyzer configured for analyzing the received PDU and identifying the destination IP address from the PDU;
      
      a traffic selector (TS) matching mechanism configured for retrieving the information related to the one or more traffic selectors, represented as ranges of IP addresses corresponding to applications supported by the operator, and determining whether the destination IP address is within any of the ranges of IP addresses;
      
      an interface routing determiner configured for reaching a determination as to whether the PDU is associated with an operator application or a non-operator application based on the result of the matching and routing the PDU to an appropriate network interface based on the determination and the connectivity status of multiple networks.
  - 17. The apparatus of claim 16, wherein the broker further comprises:
    - a network status determiner configured to check the connectivity status of any of the multiple networks;
      
      a connection establishment mechanism configured to make a connection/association with any of the multiple networks;
      
      a VPN setup mechanism configured for setting up a VPN when the PDU is to be routed to an operator application server located in the operator network via a non-operator network; and
      
      a plurality of interfaces each of which is configured for routing the PDU to a corresponding network interface.
  - 18. The apparatus of claim 16, wherein the interface routing determiner, in reaching the determination, is configured to:
    - compare the destination IP address with one or more IP addresses within the ranges of IP addresses;
      
      decide that the PDU relates to an operator application if the destination IP address is within one of the ranges of IP addresses; and
      
      decide that the PDU relates to a non operator application if the destination IP address is not within any of the ranges of IP addresses.
  - 19. The apparatus of claim 16, wherein the interface routing determiner in routine the PDU to the appropriate network interface is configured to:
    - route the PDU associated with an operator application to an operator application server residing within the operator network; and
      
      route the PDU associated with an non-operator application based on a determination whether the destination IP address is public or private.
  - 20. The apparatus of claim 19, wherein when the PDU is associated with an non-operator application,if the PDU has a private IP address, the broker routes the PDU via a non-operator network;
    - andif the PDU has a public IP address, the broker routes the PDU via either a non-operator or an operator network, depending on whether the mobile device can be connected or associated with an available network and preferences set in local policies.
  - 21. The apparatus of claim 19, wherein the broker routes the PDU associated with an operator application by:
    - checking whether the mobile device is currently connected to the operator network;
      
      routing the PDU to the operator network if the mobile device is currently connected to the operator network; and
      
      identifying an alternative viable means to route the PDU.
  - 22. The apparatus of claim 21, wherein the broker in routing the PDU associated with the operator application is further configured to:
    - check whether the mobile device is currently associated with a non-operator network;
      
      if the mobile device is currently not associated with a non-operator network but an non-operator network is available, establish an association between the mobile device and the available non-operator network;
      
      if an association between the mobile device and a non-operator network either exists or can be successfully established, routes the PDU through the non-operator network via the VPN, whether or not the operator network is available; and
      
      if the association between the mobile device and a non-operator network does not exist and can be established and the operator network is available, establish a connection between the mobile device and the operator network;
      
      if no association between the mobile device and a non-operator network exists and can be established and the mobile device can be successfully connected to the operator network, route the PDU to the operator application server via the operator network; and
      
      if neither an association between the mobile device and a non-operator network nor a connection between the mobile device and the operator network exists and can be established, discard the PDU.
  - 23. The apparatus of claim 21, wherein the broker in routing the PDU associated with the operator application is further configured to:
    - check whether the operator network is currently available;
      
      if the operator network is available, establish a connection between the mobile device and the operator network;
      
      if the mobile device is already connected to the operator network or the connection can be successfully made, routes the PDU through to the operator network, whether or not an association between the mobile device and a non-operator exists;
      
      if no connection between the mobile device and the operator network exists and can be established and a non-operator network is available, establish an association between the mobile device and the available non-operator network;
      
      if no connection between the mobile device and the operator network exists and can be established and an association between the mobile device and the available non-operator network exists or can be established, route the PDU through the non-operator network via the VPN; and
      
      if neither the association between the mobile device and a non-operator network nor a connection between the mobile device and the operator network exists and can be established, discard the PDU.

24. A non-transitory machine readable medium having data stored thereon, the data, once read by a machine, cause the machine to perform the steps of:
- obtaining a packet data unit (PDU), generated in association with an application that can be selectively activated on the mobile device and carrying a destination Internet protocol (IP) address representing a server supporting the application;
  
  identifying, by a broker associated with the mobile device, the destination IP address from the PDU;
  
  retrieving information relating to one or more traffic selectors;
  
  determining whether the PDU is associated with an operator application or a non-operator application based on the destination IP address and the information relating to the one or more traffic selectors;
  
  routing, by the broker, the PDU to one of the multiple network interfaces based on the determination of whether the PDU is associated with an operator application or a non-operator application,wherein, a PDU associated with an operator application is routed via a virtual private network (VPN) when the mobile device can-not be connected to an operator network of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Ephraim, Robert Martin, Kalbag, Rohit Satish, Chen, Ben-Ren
Primary Examiner(s)
Sam, Phirin

Application Number

US12/761,131
Time in Patent Office

1,384 Days
Field of Search

None
US Class Current

370/392
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04W 4/00   Services specially adapted ...

Method and system for routing traffic across multiple interfaces via VPN traffic selectors and local policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for routing traffic across multiple interfaces via VPN traffic selectors and local policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links