Method, computer program product, and apparatus for...

Multiplex communications – Diagnostic testing – Determination of communication parameters

Reexamination Certificate


Details

C370S401000

active

06366563

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to apparatuses, methods and computer program products that collect service level agreement (SLA) statistics in communication networks and especially virtual private networks (VPN).
2. Discussion of the Background
Communication networks provide an infrastructure by which messages (digital or analog) may be routed from a source to one or more destinations. Proprietary, exclusive networks may be used when messages are to be distributed only between a private set of network nodes. These proprietary networks may span only local regions, and are thus called local area networks (LANs). Similarly, such proprietary networks may extend across a single city, and thus may be referred to as metropolitan area networks (MANs). When extending over a larger geographic region, where the nodes are separated by relatively large distances, the network is referred to as a wide area network (WAN).
However, establishing and maintaining a proprietary network, whether it be a LAN, MAN or WAN, is often not cost effective. Furthermore, maintaining the network often requires personnel with specialized skills, having job descriptions that may be well outside the scope of the company's main line of business. While the proprietary network does offer the advantages of dedicated security and avoidance of traffic congestion problems, the expense and maintenance issues associated with developing proprietary, exclusive-use networks are often not justifiable, particularly when public resources, such as the Internet, are available.
Virtual private networks (VPN) provide a cost effective alternative to proprietary networks. A VPN enables communication among a “community of interests” by enabling private traffic to be passed between at least two nodes within the VPN using a shared communication resource, such as the Internet. When the Internet is used as a component of the communication network, the VPN is referred to as an “Internet VPN”. However, unlike unregulated and uncontrolled communications over the Internet, a VPN is usually established by Internet service providers (ISPs), who provide differentiated services from other users who are not part of the VPN. The differentiated services for users of the VPN are contractually governed by an agreement between the ISP and VPN customer in the form of a “service level agreement” (SLA).
The SLA may include provisions for a predetermined network availability, such as 99.9% average end-to-end availability over a one month period for 10 or more sites, and at least 99.8% average end-to-end network availability over a period of one month for 3 to 9 sites. Network speed is another metric of performance that is typically part of the SLA, where an average network latency may be specified to be 120 milliseconds (ms) for round-trip transmission between VPN sites within the United States or within Europe, for example. Some Internet service providers, such as UUNET, will provide a service level guarantee and will credit an account of a VPN customer if the level of service, as defined in the SLA, was not achieved. An optional feature in VPNs is the availability of encryption for data packets so that unintended “listeners” will not be able to decipher the information content of the messages sent through the commonly available information channel.
VPNs, and in particular Internet VPNs, often choose to employ tunneling technology as a way to securely transfer data between two similar networks (e.g., private LANs) over an intermediate network such as UUNET net IP network. Tunneling (sometimes referred to as “encapsulation”) encloses a first data packet in a new packet by appending a new header (transmitted in an unencrypted format) to the first data packet, so the network routes the new packet based on the information contained in the new header. The first data packet is usually encrypted when contained in the new data packet so no information can be gleaned from it, except by the intended recipient. The encapsulated packets travel through the network until they reach the destination identified in the new header. At the destination, the new header is stripped away and the first data packet is decrypted and processed. The tunneling and encryption may employ DES and 3DES standards-based technology for transferring data between network locations more securely via an OC-48 TCP/IP infrastructure, for example.
As determined by the inventors, several advantages to Internet VPNs include improved privacy, reduced cost relative to dedicated leased lines, and an improved coverage area, largely owing to the availability of the global reach of the Internet.
As recognized by the present inventors, conventional Internet VPNs are suboptimal in flexibility and scalability.
FIG. 1 shows an example conventional VPN with a source probe 1 and destination probe 3 that cooperate to collect network SLA statistics. The source probe 1 is hosted on a personal computer using a UNIX operating system, for example, and has a particular IP address. The source probe 1 prepares a 1-packet probe (probe message) that is sent through a source router 7 and then through the network 17 to the destination probe 3. The source probe 1 includes in the probe message a time stamp, indicating the time at which the source probe 1 sent the probe message. The source router 7, which is maintained on a customer's site with the source probe 1, has a different IP address than the source probe 1. The router 7 also handles signals for terminals on a source LAN 10, which itself has a different IP address. As with the source probe 1, source router 7 and source LAN 10, the destination probe 3, destination router 13 and destination LAN 12 all have unique IP addresses.
The network 17 includes routers 9 that are interconnected by way of lines 4. Likewise, routers 5 are interconnected by lines 2. Interconnections between routers 9 and 5 are not shown to help illustrate the point that there are different physical paths that a packet may follow through the network 17 when traveling from the source probe 1 to the destination probe 3. The actual path that a particular packet follows (i.e., an “in-band” path, or channel) will be influenced by the source/destination pair included in its header. Because the source/destination pair will vary depending on which device is generating the packet and which device is receiving the packet, packets handled by the source router 7 and ultimately headed through destination router 13 may follow different routes through the network 17. Routers 5 and 9 in the network include routing tables that direct how certain packets are routed, and thus these routers may handle one packet from the source probe 1, different from a packet generated by a terminal on the source LAN 10. Thus, a data packet from the source LAN 10 may follow a path through the routers 5 and lines 2 (“in-band” path) while the probe message may follow a path through the routers 9 and lines 4 (i.e., not “in-band”). Of course, the two paths may be the same, although there is no guarantee.
The operation of sending the probe message and collecting statistics is now described. The probe message is formed and sent from the source probe 1 at a predetermined time and a time stamp of the send time is included in the probe message. Once the probe message is passed through the network 17 and by the destination router 13 to the destination probe 3, the destination probe 3 recognizes that the probe message has been received. The destination probe 3 then sends a reply probe message to the source probe 1, and includes information in the reply probe message regarding the time that the destination probe 3 took between receiving the probe message and transmitting the reply probe message. Thus, the reply probe message includes the time stamp inserted by the source probe 1 and the remote latency caused by the destination probe 3. In this way, when the sourc
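
The probe and reply exchange described above, as an added example that is not code from the patent. The message layouts, the subtraction of the reported remote latency from the elapsed time, and the counting of unanswered probes against availability are assumptions; the 120 ms and 99.9% thresholds are the SLA figures quoted earlier in the text.

```python
import struct

# Assumed wire layouts (hypothetical, not specified in the patent text).
PROBE = struct.Struct("!Id")   # sequence number, source send time (ms)
REPLY = struct.Struct("!Idd")  # sequence, echoed send time, remote latency (ms)

def build_probe(seq, now_ms):
    """Source probe: stamp the probe message with its send time."""
    return PROBE.pack(seq, now_ms)

def build_reply(probe, rx_ms, tx_ms):
    """Destination probe: echo the time stamp and report its own turnaround."""
    seq, sent_ms = PROBE.unpack(probe)
    return REPLY.pack(seq, sent_ms, tx_ms - rx_ms)

def network_rtt(reply, now_ms):
    """Source probe: elapsed time minus remote latency (assumed computation)."""
    seq, sent_ms, remote_ms = REPLY.unpack(reply)
    return seq, (now_ms - sent_ms) - remote_ms

def sla_report(sent, rtts, max_latency_ms=120.0, min_availability=99.9):
    """Compare collected statistics with the SLA thresholds."""
    availability = 100.0 * len(rtts) / sent if sent else 0.0
    avg = sum(rtts) / len(rtts) if rtts else None
    return {"availability_pct": availability, "avg_latency_ms": avg,
            "latency_ok": avg is not None and avg <= max_latency_ms,
            "availability_ok": availability >= min_availability}

# Constructed sample: (send time, outbound delay, remote processing,
# return delay) in ms; None delays mark a probe that got no reply.
SAMPLES = [(0.0, 40.0, 3.0, 45.0), (1000.0, 60.0, 10.0, 70.0),
           (2000.0, None, None, None), (3000.0, 50.0, 2.0, 50.0)]
DEST_CLOCK_OFFSET_MS = 5_000_000.0  # the two probes' clocks are not synchronised

def run_samples(samples=SAMPLES):
    rtts = []
    for seq, (sent, out, proc, back) in enumerate(samples):
        probe = build_probe(seq, sent)
        if out is None:
            continue  # no reply: counts against availability
        rx = sent + out + DEST_CLOCK_OFFSET_MS      # destination's own clock
        reply = build_reply(probe, rx, rx + proc)
        _, rtt = network_rtt(reply, sent + out + proc + back)
        rtts.append(rtt)
    return rtts, sla_report(len(samples), rtts)

if __name__ == "__main__":
    print(run_samples())
```

Because the destination reports only a time difference and the source compares only its own clock readings, the clock offset between the two probes cancels out of the result.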
