Multiplex communications – Data flow congestion prevention or control – Flow control of data transmission through a network
Reexamination Certificate
1999-10-15
2004-02-17
Hsu, Alpus H. (Department: 2665)
C370S392000, C370S395310, C370S395520, C370S397000, C370S409000, C709S238000
active
06693878
ABSTRACT:
BACKGROUND OF THE INVENTION
This invention relates to digital computer network technology. More specifically, it relates to methods and apparatus for facilitating processing and routing of packets in Virtual Private Networks (VPNs).
Broadband access technologies such as cable, fiber optic, and wireless have made rapid progress in recent years. Recently there has been a convergence of voice and data networks which is due in part to US deregulation of the telecommunications industry. In order to stay competitive, companies offering broadband access technologies need to support voice, video, and other high-bandwidth applications over their local access networks. For networks that use a shared access medium to communicate between subscribers and the service provider (e.g., cable networks, wireless networks, etc.), providing reliable high-quality voice/video communication over such networks is not an easy task.
A cable modem network or “cable plant” employs cable modems, which are an improvement of conventional PC data modems and provide high speed connectivity. Cable modems are therefore instrumental in transforming the cable system into a full service provider of video, voice and data telecommunications services. Digital data on upstream and downstream channels of the cable network is carried over radio frequency (“RF”) carrier signals. Cable modems convert digital data to a modulated RF signal for upstream transmission and convert downstream RF signal to digital form. The conversion is done at a subscriber's home. At a cable modem termination system (“CMTS”) located at a Head End of the cable network, the conversions are reversed. The CMTS converts downstream digital data to a modulated RF signal, which is carried over the fiber and coaxial lines to the subscriber premises. The cable modem then demodulates the RF signal and feeds the digital data to a computer. On the return path, the digital data is fed to the cable modem (from an associated PC for example), which converts it to a modulated RF signal. Once the CMTS receives the upstream RF signal, it demodulates it and transmits the digital data to an external source.
FIG. 1 is a block diagram of a typical two-way hybrid fiber-coaxial (HFC) cable network system. It shows a Head End 102 (essentially a distribution hub) which can typically service about 40,000 homes. Head End 102 contains a CMTS 104 that is needed when transmitting and receiving data using cable modems. Primary functions of the CMTS include (1) receiving baseband data inputs from external sources 100 and converting the data for transmission over the cable plant (e.g., converting Ethernet or ATM baseband data to data suitable for transmission over the cable system); (2) providing appropriate Media Access Control (MAC) level packet headers for data received by the cable system, and (3) modulating and demodulating the data to and from the cable system.
Head End 102 connects through pairs of fiber optic lines 106 (one line for each direction) to a series of fiber nodes 108. Each Head End can support normally up to 80 fiber nodes. Pre-HFC cable systems used coaxial cables and conventional distribution nodes. Since a single coaxial cable was capable of transmitting data in both directions, one coaxial cable ran between the Head End and each distribution node. In addition, because cable modems were not used, the Head End of pre-HFC cable systems did not contain a CMTS. Returning to FIG. 1, each of the fiber nodes 108 is connected by a coaxial cable 110 to two-way amplifiers or duplex filters 112, which permit certain frequencies to go in one direction and other frequencies to go in the opposite direction (different frequency ranges are used for upstream and downstream paths). Each fiber node 108 can normally service up to 500 subscribers. Fiber node 108, coaxial cable 110, two-way amplifiers 112, plus distribution amplifiers 114 along with trunk line 116, and subscriber taps, i.e. branch lines 118, make up the coaxial distribution system of an HFC system. Subscriber tap 118 is connected to a cable modem 120. Cable modem 120 is, in turn, connected to a subscriber computer 122.
In order for data to be able to be transmitted effectively over a wide area network such as HFC or other broadband computer networks, a common standard for data transmission is typically adopted by network providers. A commonly used and well known standard for transmission of data or other information over HFC networks is DOCSIS. The DOCSIS standard has been publicly presented as a draft recommendation (J.isc Annex B) to Study Group 9 of the ITU in October 1997. That document is incorporated herein by reference for all purposes.
Virtual Private Networks
As the Public Internet expands and extends its infrastructure globally, the determination to exploit this infrastructure has led to widespread interest in IP based Virtual Private Networks (VPNs). A VPN emulates a private IP network over public or shared infrastructures. A VPN that supports only IP traffic is called an IP-VPN. Virtual Private Networks provide advantages to both the service provider and its customers. For its customers, a VPN can extend the IP capabilities of a corporate site to remote offices and/or users with intranet, extranet, and dial-up services. This connectivity may be achieved at a lower cost to the customer with savings in capital equipment, operations, and services. The service provider is able to make better use of its infrastructure and network administration expertise offering IP VPN connectivity and/or services to its customers.
There are many ways in which IP VPN services may be implemented, such as, for example, Virtual Leased Lines, Virtual Private Routed Networks, Virtual Private Dial Networks, Virtual Private LAN Segments, etc. Additionally VPNs may be implemented using a variety of protocols, such as, for example, IP Security (IPSec) Protocol, Layer 2 Tunneling Protocol, Multiprotocol Label Switching (MPLS) Protocol, etc.
A conventional technique for implementing a VPN across a wide area network may be accomplished through the use of an IP Security (IPSec) Protocol which establishes a secure IPSec “tunnel” between a remote user node and a private LAN. An example of this is shown in FIG. 2 of the drawings.
FIG. 2 shows a schematic block diagram of how an IPSec Protocol may be used to manage Virtual Private Network (VPN) flows over an HFC network. As shown in FIG. 2, the HFC network 220 comprises a plurality of cable modems, depicted by cable modems CM1-CM5. In the example of FIG. 2, it is assumed that cable modems CM4 and CM5 are remote nodes which are members of the Virtual Private Network VPN1. The VPN1 network is owned and/or managed by Enterprise A 250. The remaining cable modems in the cable network CM1, CM2, CM3 (collectively identified by reference number 205) are not members of any VPN.
In order for cable modem CM4 to communicate with the VPN1 network located at Enterprise A, it utilizes an IPSec Protocol to establish an IPSec “tunnel” 202a which provides a secure communication path from CM4, across the HFC network 220 and backbone network 230, to the VPN1 gateway 252. Likewise, in order for cable modem CM5 to connect to the virtual private network VPN1 located at Enterprise A, it utilizes the IPSec Protocol to establish a secure tunnel 204a across the HFC network 220 and backbone network 230 to connect into the virtual private network VPN1 via gateway 252.
Although the use of IPSec Protocol to manage VPN flows across a public network (as shown, for example, in FIG. 2) is advantageous in that it provides secure end-to-end data encryption, it also suffers from a number of disadvantages. For example, a significant amount of overhead (e.g. memory/processing resources) is required to run IPSec on the endpoints of the IPSec tunnel. Additionally, implementing a VPN using IPSec Protocol requires additional intelligence to be incorporated in each of the end devices (e.g., PCs, cable modems, gateways
Daruwalla Feisal Y.
Forster James R.
Litwack Mark W.
Beyer Weaver & Thomas LLP.
Cisco Technology Inc.
Hsu Alpus H.