Regulation of network traffic in virtual private networks

US 8,867,349 B2
Filed: 05/18/2009
Issued: 10/21/2014
Est. Priority Date: 05/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving network traffic transmitted along a plurality of communication paths, the plurality of communication paths being associated with a plurality of forwarding identifiers that identify destination addresses for the communication paths at device interfaces in a network;

identifying a portion of the plurality of forwarding identifiers to match a forwarding identifier associated with a particular virtual private network, each forwarding identifier in the identified portion of the plurality of forwarding identifiers corresponding to a destination address in the particular virtual private network;

identifying a policy associated with the particular virtual private network; and

regulating a portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy, the regulation of the portion of the network traffic including shaping the portion of the network traffic by increasing a first bandwidth allocation at a first routing device of the particular virtual private network and decreasing a second bandwidth allocation at a second routing device of the particular virtual private network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a method is provided for regulating network traffic and virtual private networks. In this method, network traffic transmitted along multiple communication paths is received, and these communication paths are associated with forwarding identifiers. A portion of the forwarding identifiers is identified to match a particular forwarding identifier associated with a particular virtual private network. At the same time, the policy associated with the particular virtual private network is identified. A portion of the network traffic that is associated with the portion of the identified forwarding identifiers can then be regulated based on the policy.

Citations

23 Claims

1. A method comprising:
- receiving network traffic transmitted along a plurality of communication paths, the plurality of communication paths being associated with a plurality of forwarding identifiers that identify destination addresses for the communication paths at device interfaces in a network;
  
  identifying a portion of the plurality of forwarding identifiers to match a forwarding identifier associated with a particular virtual private network, each forwarding identifier in the identified portion of the plurality of forwarding identifiers corresponding to a destination address in the particular virtual private network;
  
  identifying a policy associated with the particular virtual private network; and
  
  regulating a portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy, the regulation of the portion of the network traffic including shaping the portion of the network traffic by increasing a first bandwidth allocation at a first routing device of the particular virtual private network and decreasing a second bandwidth allocation at a second routing device of the particular virtual private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the plurality of communication paths is further associated with a control plane identifier that corresponds to the particular virtual private network, the method further comprising mapping the control plane identifier to the plurality of forwarding identifiers through a table that maps the control plane identifier to the plurality of forwarding identifiers.
  - 3. The method of claim 1, wherein the plurality of communication paths is a plurality of label switched communication paths, the plurality of forwarding identifiers is a plurality of input labels, and the forwarding identifier associated with the particular virtual private network is a label.
  - 4. The method of claim 3, wherein the identification of the portion of the plurality of forwarding identifiers comprises comparing each input label in the plurality of input labels with the label associated with the particular virtual private network.
  - 5. The method of claim 1, wherein the regulation of the portion of the network traffic comprises dropping at least the portion of the network traffic that exceeds a threshold traffic rate.
  - 6. The method of claim 1, wherein the network traffic is a portion of a total network traffic associated with the particular virtual private network, the total network traffic is divided between a plurality of remote routing devices, the method further comprising:
    - receiving a network bandwidth utilization associated with the total network traffic from at least one of the plurality of remote routing devices; and
      
      regulating the portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy and the network bandwidth utilization.
  - 7. The method of claim 1, wherein regulating the portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers includes comparing forwarding identifiers in the network traffic with the identified portion of the plurality of forwarding identifiers.

8. Logic encoded in one or more tangible, non-transitory media for execution and when executed operable to perform operations comprising:
- receiving network traffic transmitted along a plurality of communication paths, the plurality of communication paths being associated with a plurality of forwarding identifiers that identify destination addresses for the communication paths at device interfaces in a network;
  
  identifying a portion of the plurality of forwarding identifiers to match a forwarding identifier associated with a particular virtual private network, each forwarding identifier in the identified portion of the plurality of forwarding identifiers corresponding to a destination address in the particular virtual private network;
  
  identifying a policy associated with the particular virtual private network; and
  
  regulating a portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy, the regulation of the portion of the network traffic including shaping the portion of the network traffic by increasing a first bandwidth allocation at a first routing device of the particular virtual private network and decreasing a second bandwidth allocation at a second routing device of the particular virtual private network.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The logic of claim 8, wherein the plurality of communication paths is further associated with a control plane identifier that corresponds to the particular virtual private network, the logic further operable to map the control plane identifier to the plurality of forwarding identifiers through a table that maps the control plane identifier to the plurality of forwarding identifiers.
  - 10. The logic of claim 9, wherein the operation of mapping the control plane identifier comprises:
    - access a data structure that is configured to store a plurality of control plane identifiers, a plurality of groups of forwarding identifiers, and a plurality of associations between each of the plurality of control plane identifiers and each of the plurality of groups of forwarding identifiers;
      
      identify a match of the control plane identifier with one of the plurality of control plane identifiers; and
      
      identify one group in the plurality of groups of forwarding identifiers that is associated with the one of the plurality of control plane identifiers based on one of the plurality of associations between the one group and the one of the plurality of control plane identifiers.
  - 11. The logic of claim 9, wherein the control plane identifier is a route target.
  - 12. The logic of claim 8, further operable to:
    - identify a network bandwidth utilization associated with the particular virtual private network; and
      
      transmit the network bandwidth utilization to a plurality of remote routing devices.
  - 13. The logic of claim 12, wherein network bandwidth utilization is transmitted by way of an Inter-Control Center Communications protocol (ICCP).
  - 14. The logic of claim 8, wherein the particular virtual private network is a Layer 2 virtual private network.
  - 15. The logic of claim 8, wherein the particular virtual private network is a Layer 3 virtual private network.
  - 16. The logic of claim 8, wherein the policy is a quality of service (QoS) policy.

17. An apparatus comprising:
- at least one processor; and
  
  a machine-readable medium in communication with the at least one processor, the machine-readable medium being configured to store a policy management and application module, the policy management and application module being executed by the at least one processor cause operations to be performed, comprising;
  
  receiving network traffic transmitted along a plurality of communication paths, the plurality of communication paths being associated with a plurality of forwarding identifiers that identify destination addresses for the communication paths at device interfaces in a network;
  
  identifying a portion of the plurality of forwarding identifiers to match a forwarding identifier associated with a particular virtual private network, each forwarding identifier in the identified portion of the plurality of forwarding identifiers corresponding to a destination address in the particular virtual private network;
  
  identifying a policy associated with the particular virtual private network;
  
  regulating a portion of the network traffic associated with the portion of the plurality of forwarding identifiers based on the policy;
  
  identifying a network bandwidth utilization associated with the particular virtual private network; and
  
  transmitting the network bandwidth utilization to a plurality of remote routing devices.
- View Dependent Claims (18, 19)
- - 18. The apparatus of claim 17, wherein the apparatus is an autonomous system border router.
  - 19. The apparatus of claim 17, wherein the network traffic is a portion of a total network traffic associated with the particular virtual private network, the total network traffic is divided between a plurality of remote routing devices, the operations further comprising:
    - receiving a network bandwidth utilization associated with the total network traffic from at least one of the plurality of remote routing devices; and
      
      regulating the portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy and the network bandwidth utilization.

20. An apparatus comprising:
- a virtual private network traffic identification module configured to receive network traffic transmitted along a plurality of communication paths, the plurality of communication paths being associated with a plurality of forwarding identifiers that identify destination addresses for the communication paths at device interfaces in a network;
  
  a first means for identifying a portion of the plurality of forwarding identifiers to match a forwarding identifier associated with a particular virtual private network, each forwarding identifier in the identified portion of the plurality of forwarding identifiers corresponding to a destination address in the particular virtual private network;
  
  a second means for identifying a policy associated with the particular virtual private network; and
  
  a third means for regulating a portion of the network traffic associated with the portion of the plurality of forwarding identifiers based on the policy, the regulation of the portion of the network traffic including shaping the portion of the network traffic by increasing a first bandwidth allocation at a first routing device of the particular virtual private network and decreasing a second bandwidth allocation at a second routing device of the particular virtual private network.

21. A method comprising:
- receiving network traffic transmitted along a plurality of label-switched communication paths, the plurality of label-switched communication paths being associated with a plurality of input labels that identify destination addresses for the communication paths at device interfaces in a network;
  
  identifying a portion of the plurality of input labels to match a label associated with a particular virtual private network, each input label in the identified portion of the plurality of input labels corresponding to a destination address in the particular virtual private network;
  
  identifying a policy associated with the particular virtual private network; and
  
  regulating a portion of the network traffic associated with the identified portion of the plurality of input labels based on the policy.

22. A method comprising:
- receiving network traffic transmitted along a plurality of communication paths, the plurality of communication paths being associated with a plurality of forwarding identifiers that identify destination addresses for the communication paths at device interfaces in a network;
  
  identifying a portion of the plurality of forwarding identifiers to match a forwarding identifier associated with a particular virtual private network, each forwarding identifier in the identified portion of the plurality of forwarding identifiers corresponding to a destination address in the particular virtual private network;
  
  identifying a policy associated with the particular virtual private network;
  
  regulating a portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy, the network traffic associated with the identified portion of the plurality of forwarding identifiers being a portion of a total network traffic associated with the particular virtual private network, and the total network traffic being divided between a plurality of remote routing devices;
  
  receiving a network bandwidth utilization associated with the total network traffic from at least one of the plurality of remote routing devices; and
  
  regulating the portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy and the network bandwidth utilization.

23. An apparatus comprising:
- at least one processor; and
  
  a machine-readable medium in communication with the at least one processor, the machine-readable medium being configured to store a policy management and application module, the policy management and application module being executed by the at least one processor cause operations to be performed, comprising;
  
  receiving network traffic transmitted along a plurality of communication paths, the plurality of communication paths being associated with a plurality of forwarding identifiers that identify destination addresses for the communication paths at device interfaces in a network;
  
  identifying a portion of the plurality of forwarding identifiers to match a forwarding identifier associated with a particular virtual private network, each forwarding identifier in the identified portion of the plurality of forwarding identifiers corresponding to a destination address in the particular virtual private network;
  
  identifying a policy associated with the particular virtual private network;
  
  regulating a portion of the network traffic associated with the portion of the plurality of forwarding identifiers based on the policy, the network traffic associated with the portion of the plurality of forwarding identifiers being a portion of a total network traffic associated with the particular virtual private network, and the total network traffic being divided between a plurality of remote routing devices;
  
  receiving a network bandwidth utilization associated with the total network traffic from at least one of the plurality of remote routing devices; and
  
  regulating the portion of the network traffic associated with the identified portion of the plurality of forwarding identifiers based on the policy and the network bandwidth utilization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Martini, Luca, Guichard, James Neil
Primary Examiner(s)
Rinehart, Mark
Assistant Examiner(s)
YEUNG, MANG HANG

Application Number

US12/467,918
Publication Number

US 20100290485A1
Time in Patent Office

1,982 Days
Field of Search

370/477, 370/392, 370/393, 370/389, 370/397, 370/400, 370/401, 370/230, 370/230.1, 709224-226, 709/223, 709/228, 709/229, 709/238
US Class Current

370/230.1
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/50   using label swapping, e.g. ...

H04L 47/10   Flow control; Congestion co...

H04L 47/20   Traffic policing

H04L 47/22   Traffic shaping

Regulation of network traffic in virtual private networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Regulation of network traffic in virtual private networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links