[특허]Broadband access for virtual private networks

Broadband access for virtual private networks 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-012/56
출원번호	US-0628238 (2003-07-29)
등록번호	US-7447203 (2008-11-04)
발명자 / 주소	Chen,Weijing Allen,Keith Joseph
출원인 / 주소	AT&T Intellectual Property I, L.P.
대리인 / 주소	Greenblum & Bernstein, P.L.C.
인용정보	피인용 횟수 : 22 인용 특허 : 49

초록 ▼

Broadband access is provided to a virtual private network (VPN), including multiple local area networks (LANs) configured to interface with an IPv6 service provider network. Data to be routed from an originating device in an originating LAN to a destination device in a destination LAN is received by an ingress line interface and encapsulated in an IPv6 packet. A unique identification number assigned to the VPN is added to the IPv6 packet. When the destination device's address is not mapped to a corresponding egress line interface, the IPv6 packet is broadcast to a multicast address associated with the VPN. When the destination device's address is mapped to the egress line interface, the IPv6 packet is unicast to the egress line interface. The data is ultimately received and decapsulated by the egress line interface. After the VPN identification number is verified, the data is transmitted to the destination device.

대표청구항 ▼

What is claimed: 1. A method for providing a virtual private network, by receiving from a customer originating device of a first local area network, a local area network frame for transmission to a customer destination device in a second local area network over broadband access links that include customer local area network edge devices of at least one customer and an ingress edge device and an egress edge device of a service provider network, the method comprising: assigning to each edge device of the service provider a unicast IPv6 address, from an IPv6 address block of the service provider, that corresponds to a particular local area network of the customer; assigning to each edge device of the service provider a virtual private network specific multicast IPv6 address, from the IPv6 address block of the service provider, using the virtual private network specific multicasting IPv6 address for multicasting packets to all of the edge devices of the service provider serving the virtual private network; determining whether an IPv6 packet includes a destination address of a customer destination device, and whether the destination address is mapped to an egress edge device of the service provider, when mapping of the destination address to an egress edge device does not exist, encapsulating the local area network frame in a multicast IPv6 packet, the multicast IPv6 packet including the IPv6 address of the ingress edge device of the service provider as the source address and the multicast IPv6 address of the virtual private network as the destination multicast address; when mapping of the destination address to an egress edge device does exist, encapsulating the local area network frame in a unicast IPv6 packet, including the unicast IPv6 address of the egress edge device of the service provider; adding a virtual private network identification header to a header of the IPv6 packet, the virtual private network identification header including a destination option, a virtual private network hop count and an identification number identifying the virtual private network of the customer; broadcasting the IPv6 packets having multicast addresses through the service provider network to all of the edge devices serving the virtual private network; transmitting the IPv6 packets having the unicast IPv6 address, through the service provider network to a particular egress device; authenticating the IPv6 packets at the egress device of the service provider using the virtual private network identification; discarding any IPv6 packets that cannot be authenticated; decapsulating and extracting the local area network frame of authenticated IPv6 packets at the egress device of the service provider; forwarding the decapsulated local area network frame to the destination local area network; and transmitting the decapsulated customer local area network frame to the customer destination device. 2. The method according to claim 1 wherein the ingress edge device of the service provider adds the virtual private network identification number to the IPv6 packet header. 3. The method according to claim 1 wherein the customer local area network edge device adds the virtual private network identification number to the IPv6 packet header, and the ingress edge device confirms the virtual private network identification number. 4. The method according to claim 1, in which the IPv6 packet is discarded when the egress edge device does not recognize the destination option type in the header. 5. The method according to claim 1, in which the virtual private network hop number is incremented every time the IPv6 packet is forwarded by an edge device of the service provider network. 6. The method according to claim 1, in which the egress edge device includes a virtual learning bridge for authenticating the IPv6 packet, the egress edge device determines whether the virtual private network identification number of the received IPv6 packet matches the assigned customer virtual private network identification number, and any IPv6 packets that do not include a matching virtual private network identification number are discarded. 7. The method according to claim 1, in which destination local area network edge device of the customer determines whether the virtual private network identification number of the received IPv6 packet matches the assigned virtual private network identification number and discards unauthorized packets. 8. The method according to claim 1, wherein the authentication of the virtual private network identification numbers can be disabled in the service provider network or the destination local area network to enable interworking among a plurality of virtual private networks. 9. The method according to claim 1, in which the egress edge device includes a virtual learning bridge for learning and caching a mapping of identification information, including an Ethernet MAC address or an identification number of the originating customer device, to the IPv6 address of the ingress edge device, from which the local area network frame was sent, such that when the egress edge device receives subsequent local area network frames from the customer destination device destined for the customer originating device, the egress edge device encapsulates the local area network frame in a unicast IPv6 packet and unicasts the IPv6 packet to the ingress edge device using the cached mapping. 10. The method according to claim 1, in which edge devices of the service provider are configured to recognize and authenticate multiple, previously assigned virtual private network identification numbers, corresponding to interworking virtual private networks, instead of a single virtual private network identification number corresponding to one customer. 11. A service provider network for providing a virtual private network, for receiving from a customer originating device of a first local area network, a local area network frame for transmission to a customer destination device in a second local area network over broadband access links that include local area network edge devices of the customer coupled to the service provider network, the service provider network comprising: a plurality of ingress edge devices and egress edge devices; each edge device being assigned a unicast IPv6 address, from an IPv6 address block of the service provider, that corresponds to a particular local area network of the customer; each edge device also being assigned a virtual private network specific multicast IPv6 address, from the IPv6 address block of the service provider, which is used for multicasting packets to all of the edge devices of the service provider serving the virtual private network; each edge device determining whether an IPv6 packet includes a destination address of a customer destination device, and whether the destination address is mapped to an egress edge device of the service provider, when mapping of the destination address to an egress edge device does not exist, encapsulating the local area network frame in a multicast IPv6 packet, the multicast IPv6 packet including the IPv6 address of the ingress edge device of the service provider as the source address and the multicast IPv6 address of the virtual private network as the destination multicast address; when mapping of the destination address to an egress edge device does exist, encapsulating the local area network frame in a unicast IPv6 packet, including the unicast IPv6 address of the egress edge device of the service provider; wherein a virtual private network identification header is added to a header of the IPv6 packet, the virtual private network identification header including a destination option, a virtual private network hop count and an identification number identifying the virtual private network of the customer; wherein the IPv6 packets having multicast addresses are broadcast through the service provider network to all of the edge devices serving the virtual private network; wherein the IPv6 packets having the unicast IPv6 address are transmitted through the service provider network to a particular egress device; wherein the IPv6 packets are authenticated at the egress devices of the service provider; wherein any IPv6 packets that cannot be authenticated are discarded; wherein the local area network frame of authenticated IPv6 packets are decapsulated and extracted at the egress device of the service provider; wherein the decapsulated local area network frames are forwarded to the destination local area network; and wherein the decapsulated local area network frames are transmitted to the customer destination device. 12. The network according to claim 11 wherein the ingress edge device of the service provider adds the virtual private network identification number to the IPv6 packet header. 13. The network according to claim 11 wherein the customer edge device adds the virtual private network identification number to the IPv6 packet header, and the ingress edge device confirms the virtual private network identification number. 14. The network according to claim 11, in which the IPv6 packet is discarded when the egress edge device does not recognize the destination option type in the header. 15. The network according to claim 11, in which the virtual private network hop number is incremented every time the IPv6 packet is forwarded by an edge device of the service provider network. 16. The network according to claim 11, in which the egress edge device includes a virtual learning bridge for authenticating the IPv6 packet, the egress edge device determines whether the virtual private network identification number of the received IPv6 packet matches the assigned customer virtual private network identification number, and any IPv6 packets that do not include a matching virtual private network identification number are discarded. 17. The network according to claim 11, in which destination local area network edge device of the customer determines whether the virtual private network identification number of the received IPv6 packet matches the assigned virtual private network identification number and discards unauthorized packets. 18. The network according to claim 11, wherein the authentication of the virtual private network identification numbers can be disabled in the service provider network or the destination local area network to enable interworking among a plurality of virtual private networks. 19. The network according to claim 11, in which the egress edge device includes a virtual learning bridge for learning and caching a mapping of identification information, including an Ethernet MAC address or an identification number of the originating customer device, to the IPv6 address of the ingress edge device, from which the local area network frame was sent, such that when the egress edge device receives subsequent local area network frames from the customer destination device destined for the customer originating device, the egress edge device encapsulates the local area network frame in a unicast IPv6 packet and unicasts the IPv6 packet to the ingress edge device using the cached mapping. 20. The network according to claim 11, in which edge devices of the service provider are configured to recognize and authenticate multiple, previously assigned virtual private network identification numbers, corresponding to interworking virtual private networks, instead of a single virtual private network identification number corresponding to one customer.

이 특허에 인용된 특허 (49)

Hebb Andrew T., ATM address translation method and apparatus.
상세보기
Masuda Michio,JPX ; Nishihara Motoo,JPX ; Ogawa Makoto,JPX, ATM connectionless communication system having session supervising and connection supervising functions.
상세보기
Dugan Andrew J. ; McDysan David E., ATM virtual private networks.
상세보기
Bennett Toby D. ; Davis Donald J. ; Harris Jonathan C. ; Miller Ian D., Apparatus and method for constructing data for transmission within a reliable communication protocol by performing portions of the protocol suite concurrently.
상세보기
Laraqui Kim,SEX ; Nazari Ala,SEX, Arrangement for supplying local network emulation service over public connectionless ATM-network.
상세보기
Watkins John E., Asynchronous transfer mode (ATM) segmentation and reassembly unit virtual address translation unit architecture.
상세보기
Fan, Jason C.; Jogalekar, Prasad P.; Bannai, Vinay K., Automatic reconfiguration of short addresses for devices in a network due to change in network topology.
상세보기
Hahne, Ellen L.; Pan, Ping P.; Schulzrinne, Henning G., Border gateway reservation protocol for tree-based aggregation of inter-domain reservations.
상세보기
Takashima, Kenya; Nakamichi, Koji; Watanabe, Naotoshi; Soumiya, Toshio; Ezaki, Yutaka; Murata, Kazunori, Boundary device for performing a connection control at a boundary between two communications networks.
상세보기
Wells David,GBX, Call correlation tag for ATM messages.
상세보기
Joffe Alex, Cell routing in ATM networks.
상세보기
Watkins John E., Circuit and method for address translation, using update and flush control circuits.
상세보기
Kshirsagar Madhukar M. ; La Porta Thomas F. ; Shur David H. ; Veeraraghavan Malathi ; Woodworth Clark, Communications system for transmission of datagram packets over connection-oriented networks.
상세보기
Uchida Yoshihiro,JPX, Header converting method.
상세보기
Pi-Yu Chung ; Om P. Damani ; Yennun Huang ; Chandra M. Kintala ; Yi-Min Wang, Hosting a network service on a cluster of servers using a single-address image.
상세보기
Kenichi Nagami JP; Junko Ami JP; Yasuhiro Katsube JP; Takeshi Saito JP; Hiroshi Esaki JP, IP over ATM system using control messages to set up cut-through paths or bypass pipes in routers.
상세보기
Jon Allingham ; Bruce Pietsch ; Roy McNeil ; Jae Park, Interface to network protocol software to support hardware acceleration of critical functions.
상세보기
Civanlar Seyhan ; Saksena Vikram R., Internet NCP over ATM.
상세보기
Kujoory Ali Mohammad ; Saad Samir S. ; Shur David Hilton ; Tewani Kamlesh T. ; Yee James Kwong, Management of ATM virtual circuits with resources reservation protocol.
상세보기
Allan David Ian,CAX ; Casey Liam M.,CAX ; Robert Andre J.,CAX, Mechanism for multiplexing ATM AAL5 virtual circuits over ethernet.
상세보기
Civanlar Seyhan ; Saksena Vikram R., Method and apparatus for interconnecting ATM-attached hosts with telephone-network attached hosts.
상세보기
Chang Tian-Pong P. (Holmdel NJ) Civanlar Seyhan (Middletown Township ; Monmouth County NJ) Saksena Vikram R. (Freehold NJ), Method and apparatus for interconnecting LANs.
상세보기
Dev Vrat Gupta ; John Lo ; Carlos Cao ; Lee Baker, Method and apparatus for multiplexing of multiple users on the same virtual circuit.
상세보기
Fendick Kerry W. ; Saksena Vikram R., Method and apparatus for provisioned and dynamic quality of service in a communications network.
상세보기
Hagirahim, Hassan; Waldman, Francis R., Method and system for ATM-coupled multicast service over IP networks.
상세보기
Angela L. Chiu ; Xiaowen Mang, Method and system for dynamically triggering flow-based quality of service shortcuts through a router.
상세보기
Nessett Danny M. ; Grabelsky David ; Borella Michael S. ; Sidhu Ikhlaq S., Method and system for locating network services with distributed network address translation.
상세보기
Beser, Nurettin B.; Borella, Michael, Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association.
상세보기
Acharya Arup ; Dighe Rajiv, Method for internet protocol switching over fast ATM cell transport.
상세보기
DeSimone Antonio ; Golan Joseph ; Kuthyar Ashok K. ; Parent Bryant Richard ; Ramamurthy Ram S. ; Shur David Hilton, Method for managing multicast addresses for transmitting and receiving multimedia conferencing information on an internet protocol (IP) network implemented over an ATM network.
상세보기
Karapetkov Stefan,DEX ; Fromm Ingrid,DEX ; Petri Bernhard,DEX, Method for the transmission of information packets between emulated LANs using address resolution.
상세보기
Rochberger Haim,ILX, Method of routing in an asynchronous transfer mode network.
상세보기
Nagami, Kenichi; Ami, Junko; Katsube, Yasuhiro; Saito, Takeshi; Esaki, Hiroshi, Network interconnection apparatus network node apparatus and packet transfer method for high speed large capacity inter-network communication.
상세보기
Nagami Kenichi,JPX ; Ami Junko,JPX ; Katsube Yasuhiro,JPX ; Saito Takeshi,JPX ; Esaki Hiroshi,JPX, Network interconnection apparatus, network node apparatus, and packet transfer method for high speed, large capacity in.
상세보기
Atsushi Shionozaki JP, Network resource reservation control method and apparatus, receiving terminal, sending terminal, and relay apparatus.
상세보기
Soncodi Adrian C.,CAX, Signaling protocol for rerouting ATM connections in PNNI environments.
상세보기
Arup Acharya ; Rajiv Dighe, System and method of transferring internet protocol packets using fast ATM cell transport.
상세보기
Sasyan Serge,FRX ; Roger Denis,FRX ; Terrasse Denis,FRX, System providing for multiple virtual circuits between two network entities.
상세보기
Liang Chung C. ; Rojas Javier R. ; Bains Kuldip S., Systems and methods for routing ATM switched virtual circuit calls.
상세보기
Killian Thomas Joseph, Transferring messages in networks made up of subnetworks with different namespaces.
상세보기
Caronni, Germano; Gupta, Amit; Kumar, Sandeep; Markson, Tom R.; Schuba, Christoph L.; Scott, Glenn C., Truly anonymous communications using supernets, with the provision of topology hiding.
상세보기
Wicklund Goran,SEX, VP/VC lookup function.
상세보기
Brodigan Donald L., VSDL multiple service provider interface.
상세보기
Burnett John L. (Cupertino CA) Newman Peter (Mountain View CA), Virtual network using asynchronous transfer mode.
상세보기
Timbs Jeffrey L., Virtual path-based static routing.
상세보기
Khalil,Mohamed; Qaddoura,Emad A.; Akhtar,Haseeb, Virtual private network identification extension.
상세보기
Pegrum, Michael Scott; Jamieson, Dwight; Yuen, Matthew, Virtual private networks.
상세보기
Hurren, Alan J.; Regan, Joseph M.; Bottorff, Paul; Cobbold, Mark, Virtual private networks and methods for their operation.
상세보기
Eng Kai Yin ; Liu Zhao ; Veeraraghavan Malathi, Wireless services data network translating mac address to asynchronous transfer mode (ATM) address.
상세보기

이 특허를 인용한 특허 (22)

Arad, Nir, Address scope checking for internet protocol version 6.
상세보기
Arad, Nir, Address scope checking for internet protocol version 6.
상세보기
Dye, Thomas; Dundon, Thomas, Audio-video multi-participant conference systems using PSTN and internet networks.
상세보기
Sheng, Zhifan; Xu, Jiangshan; Qin, Yanlong; Ren, Yanming; Ouyang, Shijie; Sun, Lili; Chen, Biduo; Wu, Guangsheng; Chapman, John; Li, Zhenwei, Cable TV network broadband access system with distributed deployment and centralized control.
상세보기
Yang, Fang; Ke, Kathy Xia; Kouvelas, Isidoros; Cassar, Christian, Fast convergence with multicast source mobility.
상세보기
Florit, Lionel; Klessig, Robert W., Internet protocol multicast distribution in Ethernet networks.
상세보기
Khouderchah, Michel; Krishnamurthy, Chandrasekar; Oz, Doron, Managing traffic within and between virtual private networks when using a session border controller.
상세보기
Oz, Doron; Khouderchah, Michel; Krishnamurthy, Chandrasekar, Managing traffic within and between virtual private networks when using a session border controller.
상세보기
Casado, Martin; Amidon, Keith E.; Koponen, Teemu; Lambeth, W. Andrew, Mesh architectures for managed switching elements.
상세보기
Monette, Sylvain; Giguere, Mathieu; Julien, Martin; Tremblay, Benoit, Method and nodes for performing bridging of data traffic over an access domain.
상세보기
Wang, Yuchen; Wu, Xueping, Method, apparatus, host, and network system for processing packet.
상세보기
Woo, Moo-Yeon, Mobile WIMAX network system having private network and mobile IP terminal processing method thereof.
상세보기
Farinacci, Dino; Speakman, Tony; Venugopal, Nair; Grover, Hasmit; Moreno, Victor; Rao, Dhananjaya, Overlay transport virtualization.
상세보기
Farinacci, Dino; Speakman, Tony; Venugopal, Nair; Grover, Hasmit; Moreno, Victor; Rao, Dhananjaya, Overlay transport virtualization.
상세보기
Koponen, Teemu; Amidon, Keith E.; Ingram, Paul S.; Casado, Martin, Packet processing for logical datapath sets.
상세보기
Koponen, Teemu; Amidon, Keith E.; Ingram, Paul S.; Casado, Martin, Packet processing in a network with hierarchical managed switching elements.
상세보기
Hussain, Altaf, Providing operation services for networks via operations service servers.
상세보기
Hussain, Altaf, Providing operation services for networks via operations service servers.
상세보기
Guo, Liang; Lee, Whay C.; Metke, Anthony R.; Bansal, Deepak, Routing topology bandwidth management methods and system.
상세보기
Casado, Martin; Lambeth, W. Andrew, Use of tunnels to hide network addresses.
상세보기
Dye, Thomas; Dundon, Thomas, Voice conference call using PSTN and internet networks.
상세보기
Dye, Thomas; Dundon, Thomas, Voice conference call using PSTN and internet networks.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Broadband access for virtual private networks 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (49)

이 특허를 인용한 특허 (22)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Broadband access for virtual private networks 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (49)

이 특허를 인용한 특허 (22)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트