Externally controlled reachability in virtual private networks

US 9,288,187 B2
Filed: 10/31/2007
Issued: 03/15/2016
Est. Priority Date: 07/03/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a call controller, a request for a first device in a first virtual private network to communicate with a second device in a second virtual private network using a connection that is prohibited between the first and second virtual private networks;

in response to the request;

causing a first provider edge router associated with the first device to store in a first virtual routing forwarding table a first entry defining a route between the first device and the second device, the first entry to indicate that the second device belongs to the first virtual private network;

causing a second provider edge router associated with the second device to store in a second virtual routing forwarding table a second entry defining the route between the first device and the second device, the second entry to indicate that the first device belongs to the second virtual private network; and

permitting the connection to allow the first device to communicate with the second device across the first and second virtual private networks based on the first entry in the first virtual routing forwarding table and the second entry in the second virtual routing forwarding table; and

causing removal of the first entry from the first virtual routing forwarding table and the second entry from the second virtual routing forwarding table when use of the connection is terminated to prevent subsequent communication between the first and second devices via the connection.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network that supports VPNs is enhanced to allow users in one VPN to communicate with users in another VPN in the course of executing a predefined application, such as VoIP. This capability is achieved dynamically by enabling a device that can communicate with the network elements that operate to normally prohibit inter-VPN communication to direct those network elements to enable such communication, at least for the purposes of specific applications.

41 Citations

17 Claims

1. A method comprising:
- receiving, at a call controller, a request for a first device in a first virtual private network to communicate with a second device in a second virtual private network using a connection that is prohibited between the first and second virtual private networks;
  
  in response to the request;
  
  causing a first provider edge router associated with the first device to store in a first virtual routing forwarding table a first entry defining a route between the first device and the second device, the first entry to indicate that the second device belongs to the first virtual private network;
  
  causing a second provider edge router associated with the second device to store in a second virtual routing forwarding table a second entry defining the route between the first device and the second device, the second entry to indicate that the first device belongs to the second virtual private network; and
  
  permitting the connection to allow the first device to communicate with the second device across the first and second virtual private networks based on the first entry in the first virtual routing forwarding table and the second entry in the second virtual routing forwarding table; and
  
  causing removal of the first entry from the first virtual routing forwarding table and the second entry from the second virtual routing forwarding table when use of the connection is terminated to prevent subsequent communication between the first and second devices via the connection.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as defined in claim 1, wherein the connection is a voice over internet protocol connection between the first and second devices.
  - 3. The method as defined in claim 1, wherein the first entry includes a first address of the first device as a first source identifier and a second address of the second device as a first destination identifier, and the second entry includes the first address of the first device as a second destination identifier and the second address of the second device as a second source identifier.
  - 4. The method as defined in claim 1, wherein causing the removal of the first entry from the first virtual routing forwarding table comprises includes:
    - receiving a message from one of the first device or the second device indicating that the use of the connection is terminated; and
      
      causing the first virtual routing forwarding table to remove the first entry in response to the message.
  - 5. The method as defined in claim 1, wherein the call controller is separate from the first and second devices.
  - 6. The method as defined in claim 1, wherein the connection is established temporarily during use of a particular application specified in the request.

7. A call controller comprising:
- a processor; and
  
  a memory to store machine readable instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  determining a request for a first device in a first virtual private network to communicate with a second device in a second virtual private network involves a connection that is prohibited between the first and second virtual private networks;
  
  in response to the request;
  
  causing a first provider edge router associated with the first device to store in a first virtual routing forwarding table a first entry defining a route between the first device and the second device, first entry to indicate that the second device belongs to the first virtual private network; and
  
  causing a second provider edge router associated with the second device to store in a second virtual routing forwarding table a second entry defining the route between the first device and the second device, the second entry to indicate that the first device belongs to the second virtual private network, the first and second entries to permit the first device to communicate with the second device across the first and second virtual private networks via the connection; and
  
  causing removal of the first entry from the first virtual routing forwarding table and the second entry from the second virtual routing forwarding table when use of the connection is terminated to prevent subsequent communication between the first and second devices via the connection.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The call controller as defined in claim 7, wherein the connection is a voice over internet protocol connection between the first and second devices.
  - 9. The call controller as defined in claim 7, wherein the first entry includes a first address of the first device as a first source identifier and a second address of the second device as a first destination identifier, and the second entry includes the first address of the first device as a second destination identifier and the second address of the second device as a second source identifier.
  - 10. The call controller as defined in claim 7, wherein causing the removal of the first entry from the first virtual routing forwarding table comprises includes:
    - accessing a message from one of the first device or the second device indicating that the use of the connection is terminated; and
      
      causing the first virtual routing forwarding table to remove the first entry based on the message.
  - 11. The call controller as defined in claim 10, wherein the call controller is separate from the first and second devices.
  - 12. The call controller as defined in claim 7, wherein the connection is to be established temporarily during use of a particular application specified in the request.

13. A storage disk or storage device comprising instructions which, when executed, cause a call controller to perform operations comprising:
- in response to a request for a first device in a first virtual private network to communicate with a second device in a second virtual private network using a connection that is prohibited between the first and second virtual private networks;
  
  causing a first provider edge router associated with the first device to store in a first virtual routing forwarding table a first entry defining a route between the first device and the second device, first entry to indicate that the second device belongs to the first virtual private network;
  
  causing a second provider edge router associated with the second device to store in a second virtual routing forwarding table a second entry defining the route between the first device and the second device, the second entry to indicate that the first device belongs to the second virtual private network; and
  
  permitting the connection to allow the first device to communicate with the second device across the first and second virtual private networks based on the first entry in the first virtual routing forwarding table and the second entry in the second virtual routing forwarding table; and
  
  causing removal of the first entry from the first virtual routing forwarding table and the second entry from the second virtual routing forwarding table when use of the connection is terminated to prevent subsequent communication between the first and second devices via the connection.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The storage disk or storage device as defined in claim 13, wherein the request is to use a voice over internet protocol connection between the first and second devices.
  - 15. The storage disk or storage device as defined in claim 13, wherein the first entry includes a first address of the first device as a first source identifier and a second address of the second device as a first destination identifier, andthe second entry includes the first address of the first device as a second destination identifier and the second address of the second device as a second source identifier.
  - 16. The storage disk or storage device as defined in claim 13, wherein causing the removal of the first entry from the first virtual routing forwarding table comprises includes:
    - responding to a message from one of the first device or the second device indicating that the use of the connection is terminated by causing the first virtual routing forwarding table to remove the first entry based on the message.
  - 17. The storage disk or storage device as defined in claim 13, wherein the connection is to be established temporarily during use of a particular application specified in the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Inventors
Iloglu, Ali Murat, Nguyen, Han Q.
Primary Examiner(s)
Nguyen, Phuoc
Assistant Examiner(s)
Belani, Kishin G

Application Number

US11/981,881
Publication Number

US 20080065783A1
Time in Patent Office

3,058 Days
Field of Search

709/219
US Class Current

1/1
CPC Class Codes

H04L 63/0272 Virtual private networks

Externally controlled reachability in virtual private networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Externally controlled reachability in virtual private networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links