Virtual L2TP/VPN tunnel network and spanning tree-based...

Multiplex communications – Network configuration determination – Using a particular learning algorithm or technique

Reexamination Certificate


Details

C370S254000, C370S389000, C370S474000


active

06765881

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to a virtual L2TP/VPN tunnel network and a system and method for automatic discovery of VPN tunnels and other layer-2 services. More specifically, a virtual L2TP/VPN tunnel network as well as a system and method for automatic discovery of VPN tunnels, such as L2TP tunnels, and other layer-2 services using a method such as one based on the spanning tree protocol are disclosed.
2. Description of Related Art
A virtual private network (VPN) generally refers to a private network having a secure encrypted connection configured across a public network. A VPN allows organizations such as corporations to use a public network as their own virtual private communications tool. VPNs appear as private national or international networks to the customer but physically share backbone trunks with other customers.
Implementing a VPN provides cost-efficiency advantages by avoiding the expense of setting up a dedicated secure network while providing interconnectivity among remote branches, departments and/or users through the relatively inexpensive services of an Internet service provider (ISP). In particular, VPNs provide a cost-effective alternative to laying cables, leasing lines and/or subscribing to frame relay services. Thus, VPNs offer the security of a private network via access control and encryption while enjoying the economies of scale and built-in management facilities of large public networks. However, using VPNs over public networks typically comes at the cost of greater response time and/or lower reliability.
A VPN may use a tunneling process that encapsulates and transmits communication packets. Tunneling generally involves transmitting data structured in one protocol format within the format of another protocol; in other words, tunneling allows other types of transmission streams to be carried within the prevailing protocol. With respect to VPNs, tunneling typically involves encapsulating a network transmission in an IP (Internet Protocol) packet for transmission over an IP network. Encapsulation by itself provides no confidentiality or integrity; the tunnel is only secure if its payload is authenticated and encrypted, for example by carrying it over IPSec. A tunnel provides a temporary portal for passing data through a system such as a proxy, and ceases to exist when the ends of the connection are closed. IP tunneling entails carrying a foreign protocol within an IP packet; for example, using IP tunneling, IPX (Internetwork Packet Exchange) can be encapsulated and transmitted over TCP/IP.
Examples of VPN tunnels include L2TP (Layer 2 Tunneling Protocol) tunnels, IPSec (IP Security) tunnels, PPTP (Point-to-Point Tunneling Protocol), and GRE (Generic Routing Encapsulation). L2TP is an extension to the point-to-point protocol (PPP) for creating VPNs over the Internet. L2TP is a combination of Microsoft's Point-to-Point Tunneling Protocol and Cisco's Layer 2 Forwarding (L2F) technology. L2TP supports non-IP protocols such as AppleTalk and IPX, and can be carried over the IPSec security protocol. IPSec is a security protocol that provides authentication and encryption over the Internet. In contrast to SSL, which runs above the transport layer (layer 4) and secures a single connection between two applications, IPSec works at layer 3 and secures all IP traffic between its endpoints regardless of the application. Because IPSec was designed for the IP protocol, it has wide industry support and is expected to become the standard for virtual private networks (VPNs) on the Internet.
VPN technology typically involves various hardware components such as a network access server (NAS) and a tunnel server. The NAS is often also referred to as an L2TP access concentrator (LAC). The LAC receives incoming calls for dial-in VPNs and places outgoing calls for dial-out VPNs. Typically, the LAC is maintained by an ISP that provides VPN services to its customers. The tunnel server is often also referred to as the home gateway or the L2TP network server (LNS). The tunnel server terminates dial-in VPNs and initiates dial-out VPNs. Typically, the tunnel server is maintained by the ISP customer and is the contact point for the customer network.
When a remote end user or client wishes to connect to the customer tunnel server, the remote end user first establishes a PPP connection to the ISP LAC such as by dialing in to the ISP LAC. Upon receiving the initial PPP request, the LAC determines that the PPP request is to be forwarded onto a tunnel or other medium which can directly reach the PPP network server capable of authentication and authorization of the remote end user. The LAC identifies the tunnel server to which the end user's call is to be forwarded and establishes a tunnel with the identified tunnel server. Finally, the tunnel server authenticates the client username and password and establishes the PPP connection with the remote end user client.
The outgoing tunnel server and tunnel may be selected based on, for example, the end user domain name and/or the DNIS (dialed number identification service) information in the incoming call. If the LAC cannot determine the outgoing tunnel or tunnel server, then access is denied and the incoming session is dropped.
In large-scale tunnel deployments, however, an ISP LAC may be one of a network of ISP LACs. Other LACs in that network may have configured other, distinct tunnels, so that a VPN may be established across multiple ISP LACs. But each LAC then needs to be configured with a forwarding database for the tunneling topology in order to establish such VPNs across multiple ISP LACs. Thus, it is desirable to provide a system and method for automatic discovery of VPN tunnels across a network of LACs.
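The tunnel-selection step described above, as an added example that is not code from the patent or from any vendor's LAC: the LAC maps the end user's domain name, then the DNIS of the incoming call, to a configured tunnel server (LNS), and drops the session when neither matches. The tunnel names, LNS addresses, domains and DNIS values are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Tunnel:
    name: str        # tunnel identifier (hypothetical)
    lns: str         # tunnel server / home gateway address (hypothetical)


@dataclass(frozen=True)
class IncomingCall:
    username: str    # PPP username presented by the remote end user, e.g. "alice@corp.example"
    dnis: str        # dialed number identification service value for the call


class LAC:
    """Forwarding decision only: the LAC does not authenticate the user; it
    forwards the PPP session to the selected LNS, which checks the credentials."""

    def __init__(self, by_domain, by_dnis):
        self.by_domain = {d.lower(): t for d, t in by_domain.items()}
        self.by_dnis = dict(by_dnis)

    @staticmethod
    def domain_of(username: str) -> Optional[str]:
        # Split on the last '@' so "a@b@corp.example" yields "corp.example";
        # a missing or empty domain is "no domain", never a match on "".
        if "@" not in username:
            return None
        domain = username.rsplit("@", 1)[1].strip().lower()
        return domain or None

    def select_tunnel(self, call: IncomingCall) -> Optional[Tunnel]:
        domain = self.domain_of(call.username)
        if domain is not None and domain in self.by_domain:
            return self.by_domain[domain]
        return self.by_dnis.get(call.dnis)

    def handle_call(self, call: IncomingCall) -> tuple:
        """Returns ("forward", tunnel) or ("deny", reason)."""
        tunnel = self.select_tunnel(call)
        if tunnel is None:
            return ("deny", "no tunnel for domain or DNIS; session dropped")
        return ("forward", tunnel)


# Constructed configuration: two customer LNSs reachable over two tunnels,
# plus one DNIS that maps to the corporate tunnel for users without a domain.
CORP = Tunnel("t-corp", "lns.corp.example")
BRANCH = Tunnel("t-branch", "lns.branch.example")
LAC_A = LAC(by_domain={"corp.example": CORP, "branch.example": BRANCH},
            by_dnis={"5551000": CORP})


def demo():
    calls = [
        IncomingCall("alice@corp.example", "5559999"),   # matched by domain
        IncomingCall("bob", "5551000"),                   # no domain; matched by DNIS
        IncomingCall("mallory@Corp.Example", "5559999"),  # domain match is case-insensitive
        IncomingCall("eve@evil.example", "5559999"),      # nothing matches: dropped
    ]
    return [LAC_A.handle_call(c) for c in calls]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The domain string comes from an unauthenticated caller, so the caller can choose among the tunnels the LAC has configured but cannot create a destination; the real access control remains the username/password check at the LNS once the PPP session is forwarded.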
SUMMARY OF THE INVENTION
A virtual L2TP/VPN tunnel network as well as a system and method for automatic discovery of VPN tunnels, such as L2TP tunnels, and other layer-2 services using a method such as one based on the spanning tree protocol are disclosed. It should be appreciated that the present invention can be implemented in numerous ways, including as a process, an apparatus, a system, a device, a method, or a computer readable medium such as a computer readable storage medium or a computer network wherein program instructions are sent over optical or electronic communication lines. Several inventive embodiments of the present invention are described below.
The method for automatic discovery of layer-2 services across a network of layer-2 devices generally comprises transmitting an advertisement message by each tunnel or virtual port of each layer-2 device to the logical neighbors of the device in a virtual topology, the advertisement message containing information for generating a spanning tree based on a spanning tree algorithm, receiving advertisement messages on the tunnels of each layer-2 device, and processing the received advertisement messages to generate a spanning tree topology of the network of layer-2 devices, whereby each layer-2 device in the network automatically discovers layer-2 services of other layer-2 devices on the network. The transmitting is preferably repeated at predetermined configurable intervals. It is noted that discovery of L2 services such as by domain name or ID is generally analogous to Ethernet-address discovery by a bridge running the spanning tree protocol.
The resulting spanning tree generally includes a root device selected from the network of layer-2 devices, each tunnel associated with the root device being a designated tunnel of the root device on which advertisement messages are transmitted, a root tunnel for each non-root device, a designated device selected from the pair of devices associated with each tunnel, the associated tunnel being the designated tunnel of the designated device, and blocked tunnels for all other tunnels in the network of layer-2 devices, wherein blocked tunnels are blocked from transmitting advertisement messages. Generally, the transmitting of the advertisement message by each tunnel of each layer-2 device is only on root tunnels and designated tunnels of the layer-2 devices. The resulting spanning tree provides a unique path between each pair of layer
