US20060227786A1 - System and Method for Interconnecting Multiple Virtual Private Networks - Google Patents

Publication number
US20060227786A1
Authority
US
United States
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/382,139
Inventor
Whittle Bryan
Tesink Kaj
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anxebusiness Corp
Original Assignee
Science Applications International Corp SAIC
Application filed by Science Applications International Corp SAIC
Priority to US11/382,139
Publication of US20060227786A1
Assigned to ANXEBUSINESS CORP. Assignment of assignors interest (see document for details). Assignors: SCIENCE APPLICATIONS INTERNATIONAL CORPORATION

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/10: Flow control; Congestion control
    • H04L47/18: End to end
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272: Virtual private networks
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present invention relates to virtual private networks. More particularly, the present invention relates to virtual private networks wherein in each virtual private network, multiple service providers can be utilized by the trading partners of the virtual private network.
  • the end-to-end service quality of the connection within the virtual private network is guaranteed to meet minimum requirements.
  • the end-to-end service quality encompasses numerous factors including: network services; interoperability; performance; reliability; disaster recovery and business continuity; security; customer care; and trouble handling.
  • the system and method of the present invention is directed to the interconnection of multiple virtual private networks each having multiple service providers.
  • the present invention encompasses a system and method for interconnecting multiple interconnect providers, such as exchange points, exchange networks, direct connect or transit service providers, between the multiple virtual private networks.
  • the present invention employs an end-to-end overseer across the multiple virtual private networks.
  • Transport Control Protocol/Internet Protocol was endorsed as the standard suite for electronic data communications.
  • the ANX system is a business-to-business communications infrastructure that provides a uniform, secured link between trading partners, such as manufacturers and suppliers, in the automotive industry.
  • the ANX is a subscription-based network composed of Certified Service Providers (CSP).
  • CSPs are providers of IP network service that have satisfied certain service end-to-end quality.
  • CASPs are certificate authority service providers.
  • the Certified Exchange Point Operator (CEPO) provides services to interconnect CSPs. CEPOs also must satisfy certain end-to-end service quality requirements.
  • TP: Trading Partners
  • the ANX system allows TPs to communicate, exchange information, and transact business with other TPs over the ANX network.
  • the TP may utilize any TCP/IP-compliant application program to exchange information with other TPs.
  • the registered TP selects the TPs with which it wants to communicate and thereafter may gain access to and receive communications from those selected TPs.
  • the ANX system allows each TP to develop its own virtual private network with its customers and vendors.
  • the ANX system significantly reduces the complexity of connecting to multiple trading partners. Since there are diverse communication protocols for the trading partners, separate links are required to access each trading partner.
  • ANX offers improved end-to-end service quality. For example, if an auto manufacturer needs to place with its parts supplier an order for car seats, the manufacturer may submit over the ANX system its confidential CAD drawings directly to the supplier. The manufacturer may also fill out the order form that the supplier may have for filling orders and timely submit over the ANX system due to its high reliability and performance.
  • the CSP and the CEPO must satisfy certain performance and security requirements in order to be certified under the ANX.
  • the certification process is disclosed in ANX Release 1 Document Publication (TEL-2 02.00), which is incorporated herein by reference in its entirety.
  • the ANX VPN permits the use of a plurality of different IPSec devices. By virtue of the TEL-2 specification and the certification process, all of the designated IPSec devices are guaranteed to communicate with one another across the ANX VPN.
  • While the ANX was originated out of the need to interconnect automotive related companies, it is not limited to that industry. Any company/industry may become a TP, e.g. an aerospace company, a healthcare company, etc. ANX has become known as the Advanced Network eXchange.
  • the lag between the systems at each company will be different virtually every time.
  • the connection each has through its service provider, i.e. 14.4K, 28.8K, 56K, ISDN, DSL, T1, etc., plus the number of servers through which the connection is directed contribute to the resulting time lag between the two companies.
  • the two parties may require a maximum acceptable time lag. Due to the nature of the Internet, it cannot guarantee such a maximum time lag.
  • the two companies may desire that service assistance be available at certain times or 24 hours a day.
  • the Internet has no such guarantees for help availability in a multi-provider environment. Such a lack of guaranteed bandwidth, latency and reliability are major impediments to business-to-business commerce and communication over the Internet.
  • VPNs: virtual private networks
  • Secure VPNs permit a company to communicate with any other entity on the network without the risk of increased vulnerability to viruses and hackers.
  • While VPNs can connect to other VPNs over the Internet by providing authentication, access control, confidentiality and data integrity, there is still no way the end-to-end quality of the connection can be guaranteed to meet a required set of minimum standards in a multi-provider setting.
  • a secure VPN is a communication network that is secured with encryption and authentication.
  • Secure VPNs are based on multiple technologies, for example IPSec, tunneling, certification and shared secret authentication.
  • IPSec is the security standard established by the Internet Engineering Task Force (IETF). Tunneling permits private networks to cross the Internet using unregistered IP addresses.
  • the system and method of the present invention utilizes an overseer that defines the service quality, continually qualifies service providers as meeting that service quality, and resolves end-to-end issues across multiple interconnected virtual private networks, such as the ANX.
  • an object of the present invention is to provide a system and method of interconnecting multiple VPNs each using multiple service providers while offering a minimum standard of end-to-end connection quality and reliability.
  • Another object of the present invention is to provide a system and method of interconnecting multiple VPNs having an overseer that resolves end-to-end issues across multiple virtual private networks.
  • Still another object of the present invention is to provide a system and method of connecting multiple virtual private networks in which multiple interconnect providers are interconnected so that the end-to-end service quality is met.
  • FIG. 1 is a block diagram of two interconnected virtual private networks according to the present invention
  • FIG. 2 is a configuration of governance and management of separate virtual private networks
  • FIG. 3 is a configuration of governance and management of interconnected virtual private networks according to the present invention.
  • FIG. 4 is an interconnection configuration for governance of multiple inter-connected virtual private networks according to the present invention.
  • FIG. 5 is a flow chart showing contractual obligations according to the present invention.
  • FIG. 6 is a diagram illustrating end-to-end latency in a virtual private network having multiple service providers
  • FIG. 7 is a diagram illustrating end-to-end availability in a virtual private network having multiple service providers
  • FIG. 8 is a diagram illustrating trouble handling in a virtual private network having multiple service providers
  • FIG. 9 is a diagram illustrating an accountability model for a single virtual private network having multiple service providers
  • FIG. 10 is a diagram illustrating an accountability model for multiple virtual private networks having multiple service providers according to the present invention.
  • FIG. 11 is a diagram illustrating end-to-end interconnection of two virtual private networks according to the present invention.
  • FIG. 12 is a diagram illustrating a trouble escalation model for interconnection of two virtual private networks according to the present invention.
  • FIG. 13 is a diagram illustrating a multiple virtual private network fee model for interconnection of two virtual private networks according to the present invention.
  • FIG. 14 is a diagram illustrating interconnection of two virtual private networks using a single transit certified service provider according to the present invention.
  • FIG. 15 is a diagram illustrating interconnection of two virtual private networks using multiple transit certified service providers according to the present invention.
  • FIG. 16 is a diagram illustrating interconnection of multiple virtual private networks using multiple transit certified service providers, where no single transit certified service provider connects all of the virtual private networks according to the present invention.
  • FIGS. 17 a - c are alternative configurations for interconnecting multiple virtual private networks according to the present invention.
  • FIG. 1 shows a block diagram of two interconnected virtual private networks 20 and 22 .
  • the present system and method of interconnecting multiple virtual private networks is not intended to be limited to only these types of networks and has applicability to a wide variety of virtual private networks.
  • Each virtual private network (VPN) 20 and 22 is shown having a trading partner (TP) 24 and 26 , respectively. While FIG. 1 shows only one TP 24 and 26 for each virtual private network, there can in fact be hundreds or thousands of such TPs for each virtual private network. FIG. 1 is intended to define the end-to-end service quality concept, and for such a purpose, only one TP 24 and 26 is needed for each virtual private network 20 and 22 .
  • the end-to-end service quality cannot be achieved by simply interconnecting two virtual private networks, such as 20 and 22 , with a wire.
  • the end-to-end service quality incorporates a user-centric philosophy, where the user is the TP or subscriber. The user is guaranteed a minimum level of service encompassing factors that include: network services; interoperability; performance; reliability; disaster recovery and business continuity; security; customer care; and trouble handling. Simply connecting the two virtual private networks 20 and 22 with a wire will not achieve the minimum satisfactory levels for these factors.
  • each VPN 20 and 22 is shown as having its own governance, program management, competition policy, contracts, service assurance, and service description. While each virtual private network can operate with a successful level of end-to-end service quality when each VPN is not interconnected to another VPN, the governance, program management, competition policy, contracts, service assurance, and service description may need to be revised when interconnecting two or more VPNs in order to maintain the end-to-end service quality. It will be appreciated that at the very least the interconnection of at least two VPNs adds at least one additional level of complexity with regard to service between the VPNs.
  • One resolution is shown in FIG. 3, in which each of VPNs 20 and 22 maintains its own governance, but the program management, competition policy, contracts, service assurance, and service description for the two VPNs 20 and 22 are unified.
  • Such unification means that where the parameters for the program management, competition policy, contracts, service assurance, and service description of the two VPNs 20 and 22 are different, the parameter used in one of the networks is chosen as the acceptable minimum standard or a compromise parameter different from the parameter used in each of the VPNs is agreed upon. It is possible that the parameters for communication within each VPN need not change, while the new parameters are used only when communicating between VPNs.
  • FIG. 3 further shows that the system and method contemplate connecting more than two VPNs.
  • One configuration for governance of multiple interconnected VPNs is shown in FIG. 4.
  • each VPN has its own program overseer (POVER) 30 , and a global, or multiple virtual private networks, overseer (GOVER) 32 is provided to resolve issues between the POVERs 30 .
  • Arrows are shown between the POVERs 30 indicating that the POVERs 30 are free to resolve their issues without requiring the GOVER 32 .
  • the GOVER is called on when direct POVER-to-POVER resolution fails.
  • Each of the POVERs 30 governs one of the regional VPNs, while the GOVER 32 oversees the interconnection of the VPNs.
  • the GOVER is responsible for end-to-end quality assurance, and in particular acts as an inter-VPN interconnection certifier.
  • the GOVER certifies interconnection facilities, and certifies a global CASP-CASP trust model.
  • the GOVER also is an inter-VPN arbitrator that steps in when POVERs cannot resolve trouble between them.
  • the interconnection of multiple VPNs has unique issues such as resolving trouble and conflicts between the VPNs and maintenance of minimum end-to-end service quality across the multiple programs. Since the system and method of the present invention are directed to providing specific end-to-end service quality, it must be possible for TPs to quantify the end-to-end service quality levels, and these service quality levels must be sufficient to allow applications to work across the multiple VPNs. Therefore, a high level of metric compatibility and measurement techniques are required.
  • each TP, CSP and CEP must meet specified criteria to become certified and to maintain that certification.
  • the certification provides the TPs or subscribers with confidence that the level of transport and security will meet their business needs.
  • the ANX type VPN utilizes multiple CSPs. On one level it is easier to run a VPN where all TPs are required to use a single CSP.
  • the use of multiple CSPs in the ANX type VPN fosters competition between the CSPs and allows the VPN to reach TPs that may not be serviced by a single CSP.
  • the implementation of multiple CSPs brings with it the drawback of ensuring that the CSPs can talk to one another.
  • Whether the connection from one TP to another TP within the same VPN is through a single CSP or two CSPs should be invisible to the TPs.
  • the TPs need never know when one or more CSPs are used for any particular connection.
  • the certification process ensures that the TPs use one of the certified IPSec devices at their premises, and that the CSPs will utilize certified equipment and meet certain metrics so as to achieve the end-to-end service quality guaranteed to the TPs. In this manner, the multiple CSPs will be able to communicate with one another.
  • the CSPs must meet business criteria, technical metrics, ongoing monitoring, trouble-handling criteria, routing registry criteria, and domain name registry criteria to achieve and maintain certification.
  • FIG. 5 shows the contractual obligations of the members of an ANX-type VPN.
  • the TPs 40 contract with the VPN, as denoted in FIG. 5 by the arrows to the overseer 50 , and contract with one of the multiple CSPs 42 .
  • the CSPs contract with the VPN and with the CEPO 44 .
  • the CEPO 44 contracts with the VPN.
  • Each entity is responsible for the services that that entity provides.
  • FIG. 6 illustrates the end-to-end latency within the ANX network.
  • the TP1 router 60 is connected to ANX CSP 1 62 , which in turn is connected to ANX CEPO 64 .
  • TP2 router 66 is connected to ANX CSP 2 68 , which is connected to ANX CEPO 64 .
  • the packet latency from each router 60 and 66 through the corresponding CSP is 125 msec.
  • the latency through the ANX CEPO is on the order of microseconds. The total packet latency through the network is therefore only slightly more than 250 msec.
  • FIG. 7 illustrates the end-to-end availability metric.
  • the Access network, between the TP1 router 60 and the ANX CSP 1 62 is permitted to be unavailable 43.80 hours/year.
  • the ANX CSP 1 62 may only be unavailable 2.63 hrs./year.
  • the trunk 65 between the ANX CSP 1 62 and the ANX CEPO 64 may only be unavailable 1.76 hrs./year.
  • the ANX CEPO 64 may only be unavailable 0.44 hours/year.
  • the foregoing availabilities yield a total of 99.895% availability or 9.22 hours per year downtime.
  • the outline for how trouble is handled within the ANX-type VPN is shown in FIG. 8 .
  • At the first level trouble between TPs is handled directly between the two TPs.
  • issues between the TPs and the CSPs are handled between the two parties.
  • CSPs and the CEPOs also resolve their troubles between the troubled parties.
  • a network overseer is provided to handle troubles that cannot be handled in the foregoing scenarios. The overseer can take complaints from the TPs, the CSPs, and the CEPOs.
  • a key to providing predictable end-to-end service quality is that the TPs must know the level of service they receive. To this end four service provider accountability levels exist. First, service providers, both interconnect providers and CSPs, must timely fix infrequent service provider troubles. Second, there must be end-to-end service provider cooperation to handle any troubles. Third, recourse must be provided to resolve disputes in the event of disagreement between CSPs and/or interconnect providers. Fourth, recourse must be provided to resolve continued non-compliance with the end-to-end service quality.
  • In FIGS. 9 and 10, charts for a single VPN and for interconnected VPNs are shown, respectively.
  • the CSPs 70 , CEPOs 72 and CASPs 74 are accountable to the POVER 76 .
  • the POVER 76 is accountable to the body 78 representing the TPs.
  • the body 78 is accountable to a regional/national arbitration body 80.
  • the CSPs 70 , the CEPOs 72 , and CASPs 74 are accountable to the POVERs 76 .
  • the POVERs 76 are accountable to a GOVER 77 , which in turn is accountable to the body 78 .
  • the body 78 instead of being accountable to the regional/national arbitration body 80 , is accountable to an international arbitration body 82 .
  • the GOVER/POVER model is but one way to oversee ensuring of the end-to-end service quality and metric compatibility. How the ANX-type networks are connected will be discussed below. In this context there must be five key types of end-to-end technology compatibility: (1) network interconnection that ensures a trading partner on one VPN can reach any trading partner on the other VPN; (2) routing compatibility that ensures any trading partner on one VPN can logically reach any TP on the other VPN; (3) naming compatibility, e.g. so the web names or e-mail names of any trading partner on one VPN can be resolved to an address that is routable over the two VPNs; (4) IPSec compatibility; and (5) digital security certificate compatibility across multiple VPNs. While FIGS. 9 and 10 refer to regional/national VPNs and international arbitration, the VPNs need not be limited to a specific country or geographical area. Any ANX-type VPN, regardless of the location of its subscribers, could be interconnected.
  • FIG. 11 shows two VPNs, that have multiple service providers, which are connected through an inter-program service provider, also called an interconnect provider.
  • the TEL-2 specification is still used as the basic guide in determining the end-to-end service quality; however, regional or particular VPN peculiarities, referred to as deltas, must be considered when establishing the interconnected end-to-end service quality standards.
  • FIG. 12 illustrates an end-to-end trouble escalation model. It is expected that CSPs will work together to resolve trouble before contacting a POVER. Similarly, the POVERs and/or the POVERs and the interconnect provider are expected to work together to resolve trouble before contacting the GOVER.
  • the POVERs 100 pay fees to the GOVER to offset the costs of maintaining the GOVER.
  • the VPNs having multiple service providers in turn pay fees to support the POVER.
  • the interconnect providers pay a certification fee to the GOVER for certification as an interconnect provider between VPNs.
  • There are multiple methods of interconnecting multiple VPNs with interconnect providers. As shown in FIG. 14, all the VPNs, having multiple service providers, can be interconnected using a single interconnect provider. Alternatively, all the VPNs can be interconnected by multiple interconnect providers, as shown in FIG. 15, thereby creating competition between the interconnect providers, just as there is competition between the CSPs in a single xNX-type VPN. Finally, as shown in FIG. 16, where no suitable interconnect provider is available to connect all the VPNs having multiple service providers, multiple interconnect providers are used. These interconnect providers service different combinations of VPNs. In FIG. 16, interconnect provider 120 interconnects VPNs having multiple service providers 122, 124, and 126. Interconnect provider 130 interconnects VPNs having multiple service providers 132 and 126. As a result, a TP of VPN 132 must connect through both Interconnect provider 130 and Interconnect provider 120 to reach TPs of either VPN 122 or 124.
  • FIGS. 17 a - c illustrate potential configurations of multiple VPNs.
  • a first TP 200 connects to a first CSP 210 .
  • the CSP 210 connects to a first exchange point 220 .
  • the TP 200 , CSP 210 , and the exchange point 220 are within a first VPN 240 .
  • a second TP 250 connects to a second CSP 260 , which connects to a second exchange point 270 .
  • the TP 250 , CSP 260 and exchange point 270 are within a second VPN 280 .
  • the two VPNs 240 and 280 are interconnected by an Interconnect provider 300 , which is connected to the exchange points 220 and 270 .
  • In FIG. 17 b, TP 200, CSP 210, exchange point 220 and Interconnect provider 300 are connected in the same manner shown in FIG. 17 a. While the second TP 250 is connected to the CSP 260, the exchange point 270 is not provided. Instead CSP 260 is shown as connecting directly to the Interconnect provider 300. This embodiment encompasses the situation where the Interconnect provider 300 and CSP 260 are the same entity or are directly wired.
  • FIG. 17 c is similar to FIG. 17 b , except that the Interconnect provider 300 also acts as a CSP 320 , and a third TP 310 is connected directly to the Interconnect provider 300 /CSP 320 .
  • the degree to which the TEL-2 specification needs to be modified to interconnect multiple VPNs depends upon the chosen complexity of the interconnection.
  • An xNX-type VPN uses a maximum of two CSPs between any two TPs. A larger value, either three or four, is needed for multiple VPNs.
  • the Interconnect provider will account for one additional CSP, and for the configuration set forth in FIG. 16, two Interconnect providers are employed in addition to the two CSPs, yielding four CSPs.
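
The FIG. 7 availability figures above, worked through as an added example (not part of the patent text). It reproduces the quoted 9.22 hours/year and 99.895% from the two CSPs, two trunks and the CEPO, and then checks per-element outage measurements against the allowances. The symmetric path, the element names and the measured values are assumptions constructed for illustration.

```python
HOURS_PER_YEAR = 8760.0  # 365-day year

# Permitted unavailability in hours/year, as quoted for FIG. 7.
ALLOWANCE = {"access": 43.80, "csp": 2.63, "trunk": 1.76, "cepo": 0.44}

# Assumption: the path is symmetric around the exchange point, as in the
# FIG. 6 description. Element names are made up for this example.
FULL_PATH = [
    ("tp1_access", "access"), ("csp1", "csp"), ("trunk1", "trunk"),
    ("cepo", "cepo"),
    ("trunk2", "trunk"), ("csp2", "csp"), ("tp2_access", "access"),
]
# Provider-side elements only: this is the subset whose allowances add up
# to the 9.22 hours/year quoted in the text.
PROVIDER_PATH = [e for e in FULL_PATH if e[1] != "access"]

# Constructed measurements (hours of outage in one year), not from the page.
SAMPLE_MEASURED = {
    "csp1": 1.10, "trunk1": 2.40, "cepo": 0.10, "trunk2": 0.50, "csp2": 2.00,
}


def downtime_hours(path):
    """Worst-case yearly downtime if no two outages overlap (plain sum)."""
    return sum(ALLOWANCE[kind] for _, kind in path)


def availability_additive(path):
    """Availability derived from the summed downtime."""
    return 1.0 - downtime_hours(path) / HOURS_PER_YEAR


def availability_series(path):
    """Availability of elements in series, assuming independent outages."""
    result = 1.0
    for _, kind in path:
        result *= 1.0 - ALLOWANCE[kind] / HOURS_PER_YEAR
    return result


def over_allowance(measured, path):
    """Map each element that exceeded its allowance to the excess hours."""
    kinds = dict(path)
    return {
        name: round(hours - ALLOWANCE[kinds[name]], 2)
        for name, hours in measured.items()
        if hours > ALLOWANCE[kinds[name]]
    }


def meets_target(measured, path, target_hours):
    """True if the measured outage summed over the path is within target."""
    return sum(measured.get(name, 0.0) for name, _ in path) <= target_hours


if __name__ == "__main__":
    target = downtime_hours(PROVIDER_PATH)
    print("provider-side downtime h/yr:", round(target, 2))
    print("availability %:", round(100 * availability_additive(PROVIDER_PATH), 3))
    print("with both access links h/yr:", round(downtime_hours(FULL_PATH), 2))
    print("over allowance:", over_allowance(SAMPLE_MEASURED, PROVIDER_PATH))
    print("end-to-end within target:",
          meets_target(SAMPLE_MEASURED, PROVIDER_PATH, target))
```

In the constructed sample one trunk exceeds its own allowance while the end-to-end total is still inside the target, which is why the allowances are checked per element as well as end to end.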
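
The FIG. 16 arrangement and the CSP-count rule in the last two items above, as an added example (not part of the patent text). It finds the shortest chain of interconnect providers between two VPNs and counts each provider as one additional CSP on top of the two intra-VPN CSPs. The function names and the isolated VPN "142" behind provider "140" are hypothetical; the other identifiers are the reference numerals from the text.

```python
from collections import deque
from itertools import combinations

# Interconnect provider -> VPNs it interconnects, as described for FIG. 16.
FIG16 = {"120": {"122", "124", "126"}, "130": {"132", "126"}}

INTRA_VPN_CSPS = 2  # "a maximum of two CSPs between any two TPs"


def all_vpns(topology):
    """Every VPN that appears behind at least one interconnect provider."""
    return set().union(*topology.values())


def interconnect_chain(src, dst, topology=FIG16):
    """Shortest list of interconnect providers from src VPN to dst VPN.

    Returns [] when src == dst and None when no chain exists.
    """
    vpns = all_vpns(topology)
    if src not in vpns or dst not in vpns:
        raise ValueError("unknown VPN")
    if src == dst:
        return []
    seen = {src}
    queue = deque([(src, [])])
    while queue:  # breadth-first, so the first hit uses the fewest providers
        vpn, chain = queue.popleft()
        for provider in sorted(topology):
            members = topology[provider]
            if vpn not in members or provider in chain:
                continue
            for nxt in sorted(members - seen):
                if nxt == dst:
                    return chain + [provider]
                seen.add(nxt)
                queue.append((nxt, chain + [provider]))
    return None


def csp_equivalents(chain):
    """Two CSPs plus one per interconnect provider, per the text's rule."""
    return INTRA_VPN_CSPS + len(chain)


def audit(topology, limit):
    """VPN pairs that are unreachable (None) or exceed the CSP limit."""
    findings = {}
    for a, b in combinations(sorted(all_vpns(topology)), 2):
        chain = interconnect_chain(a, b, topology)
        if chain is None:
            findings[(a, b)] = None
        elif csp_equivalents(chain) > limit:
            findings[(a, b)] = csp_equivalents(chain)
    return findings


if __name__ == "__main__":
    chain = interconnect_chain("132", "122")
    print("132 -> 122 via", chain, "=", csp_equivalents(chain), "CSPs")
    print("pairs over a limit of 3:", audit(FIG16, 3))
    # Constructed topology with an isolated VPN to show the unreachable case.
    isolated = dict(FIG16, **{"140": {"142"}})
    print("122 -> 142:", interconnect_chain("122", "142", isolated))
```

With a limit of four every FIG. 16 pair passes; with a limit of three the two pairs that need both interconnect providers are reported.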

Abstract

A system and method for interconnecting multiple VPNs, each using multiple service providers, while offering a minimum standard of end-to-end connection quality and reliability are described. The system and method utilizes an overseer that resolves end-to-end issues across multiple interconnected virtual private networks. When connecting multiple virtual private networks multiple interconnect providers are interconnected so that the end-to-end service quality standard is met. The certification of service providers, exchange points, transit service providers and IPSec devices permits interoperability for encryption, integrity and authentication across the product of all IPSec vendors. When two subscribers both use certified IPSec equipment then they can provide each other with controlled access to each other's networks.

Description

  • This application is a continuation application of U.S. application Ser. No. 09/653,201, filed on Aug. 31, 2000, which claims priority to the provisional Application Ser. No. 60/151,563, entitled “Method & Apparatus For a Globalized Automotive Network & Exchange,” filed on Aug. 31, 1999, the contents of which are incorporated herein by reference in their entireties.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to virtual private networks. More particularly, the present invention relates to virtual private networks wherein in each virtual private network, multiple service providers can be utilized by the trading partners of the virtual private network. The end-to-end service quality of the connection within the virtual private network is guaranteed to meet minimum requirements. The end-to-end service quality encompasses numerous factors including: network services; interoperability; performance; reliability; disaster recovery and business continuity; security; customer care; and trouble handling. The system and method of the present invention is directed to the interconnection of multiple virtual private networks each having multiple service providers. Furthermore the present invention encompasses a system and method for interconnecting multiple interconnect providers, such as exchange points, exchange networks, direct connect or transit service providers, between the multiple virtual private networks. Finally, the present invention employs an end-to-end overseer across the multiple virtual private networks.
  • 2. Description of the Related Art
  • Early in 1994, the automotive industry recognized the need for global network services that would support more new demanding automotive business applications. The purpose of this network service was to simplify complex, redundant, outdated connection methods while minimizing costs and ensuring the management, security, reliability, and performance essential to the automotive industry. Transport Control Protocol/Internet Protocol (TCP/IP) was endorsed as the standard suite for electronic data communications.
  • Ultimately in 1995, the industry formed a Telecommunications Project Team to oversee the design and development of a common global communication infrastructure supporting automotive industry application initiatives (later called the Automotive Network eXchange (ANX) Implementation Task Force). The Task Force, in June 1997, published the initial results of the technical design process for this new network service, called the Automotive Network eXchange (ANX), in “ANX Release 1 Draft Document Publication” (TEL-2 01.00). This reference is incorporated herein by reference in its entirety. The TEL-2 specification undergoes constant updating and correction.
  • The ANX system is a business-to-business communications infrastructure that provides a uniform, secured link between trading partners, such as manufacturers and suppliers, in the automotive industry. The ANX is a subscription-based network composed of Certified Service Providers (CSP). CSPs are providers of IP network service that have satisfied certain service end-to-end quality. CASPs are certificate authority service providers. The Certified Exchange Point Operator (CEPO) provides services to interconnect CSPs. CEPOs also must satisfy certain end-to-end service quality requirements.
  • Trading Partners (TP) are registered end users, or subscribers, of the ANX system such as automotive parts manufacturers, suppliers, original equipment manufacturers, and car manufacturers. The ANX system allows TPs to communicate, exchange information, and transact business with other TPs over the ANX network. The TP may utilize any TCP/IP-compliant application program to exchange information with other TPs. The registered TP selects the TPs with which it wants to communicate and thereafter may gain access to and receive communications from those selected TPs. As a result, the ANX system allows each TP to develop its own virtual private network with its customers and vendors.
  • The ANX system significantly reduces the complexity of connecting to multiple trading partners. Since there are diverse communication protocols for the trading partners, separate links are required to access each trading partner.
  • By having a single private network operated under a uniform protocol, interconnectivity between various trading partners is substantially simplified. In addition, ANX offers improved end-to-end service quality. For example, if an auto manufacturer needs to place with its parts supplier an order for car seats, the manufacturer may submit over the ANX system its confidential CAD drawings directly to the supplier. The manufacturer may also fill out the order form that the supplier may have for filling orders and timely submit over the ANX system due to its high reliability and performance.
  • The CSP and the CEPO must satisfy certain performance and security requirements in order to be certified under the ANX. The certification process is disclosed in ANX Release 1 Document Publication (TEL-2 02.00), which is incorporated herein by reference in its entirety.
  • The ANX VPN permits the use of a plurality of different IPSec devices. By virtue of the TEL-2 specification and the certification process, all of the designated IPSec devices are guaranteed to communicate with one another across the ANX VPN.
  • While the ANX originated out of the need to interconnect automotive-related companies, it is not limited to that industry. Any company/industry may become a TP, e.g. an aerospace company, a healthcare company, etc. ANX has become known as the Advanced Network eXchange.
  • With the advent of the Internet, global communication has become a reality. While the Internet works well for non-mission critical applications, such as transmitting and receiving e-mail and hosting websites, it has some drawbacks for business-to-business commerce and communication that require stringent end-to-end service quality. Quality concerns are in the area of end-to-end service quality as explained previously.
  • For example, when two companies want to communicate over the Internet, the lag between the systems at each company will be different virtually every time. The connection each has through its service provider, i.e. 14.4K, 28.8K, 56K, ISDN, DSL, T1, etc., plus the number of servers through which the connection is directed contribute to the resulting time lag between the two companies. Depending upon the type of information transmitted, the two parties may require a maximum acceptable time lag. Due to the nature of the Internet, it cannot guarantee such a maximum time lag. Furthermore, the two companies may desire that service assistance be available at certain times or 24 hours a day. The Internet has no such guarantees for help availability in a multi-provider environment. Such a lack of guaranteed bandwidth, latency and reliability are major impediments to business-to-business commerce and communication over the Internet.
  • In recent years the number of electronic viruses and hacker attacks has increased dramatically. A company considering conducting business-to-business commerce over the Internet runs the risk of making their intranet vulnerable to such viruses and attacks with the potential related loss of data.
  • In order to address the security issue, some companies have developed virtual private networks (VPNs). Secure VPNs permit a company to communicate with any other entity on the network without the risk of increased vulnerability to viruses and hackers. However, while VPNs can connect to other VPNs over the Internet by providing authentication, access control, confidentiality and data integrity, there is still no way the end-to-end quality of the connection can be guaranteed to meet a required set of minimum standards in a multi-provider setting.
  • A secure VPN is a communication network that is secured with encryption and authentication. Secure VPNs are based on multiple technologies, for example IPSec, tunneling, certification and shared secret authentication. IPSec is the security standard established by the Internet Engineering Task Force (IETF). Tunneling permits private networks to cross the Internet using unregistered IP addresses.
  • SUMMARY OF THE INVENTION
  • From the foregoing, it is desirable to provide a system and method for interconnecting multiple VPNs each using multiple service providers while offering a minimum standard of end-to-end service quality.
  • The system and method of the present invention utilize an overseer that defines the service quality, continually qualifies service providers as meeting that service quality, and resolves end-to-end issues across multiple interconnected virtual private networks, such as the ANX. When connecting multiple virtual private networks according to the system and method of the present invention, multiple interconnect providers are interconnected, and the manner in which these interconnect providers are interconnected so that the quality and reliability standards are met is another aspect of the present invention.
  • Certification of IPSec devices permits interoperability for encryption, integrity and authentication across the products of all IPSec vendors. When two subscriber companies both use certified IPSec equipment, they can provide each other with controlled access to each other's networks.
  • Based on the foregoing, an object of the present invention is to provide a system and method of interconnecting multiple VPNs each using multiple service providers while offering a minimum standard of end-to-end connection quality and reliability.
  • Another object of the present invention is to provide a system and method of interconnecting multiple VPNs having an overseer that resolves end-to-end issues across multiple virtual private networks.
  • Still another object of the present invention is to provide a system and method of connecting multiple virtual private networks in which multiple interconnect providers are interconnected so that the end-to-end service quality is met.
  • DETAILED DESCRIPTION OF THE DRAWINGS
  • The foregoing and other attributes of the present invention will be described with respect to the following drawings in which:
  • FIG. 1 is a block diagram of two interconnected virtual private networks according to the present invention;
  • FIG. 2 is a configuration of governance and management of separate virtual private networks;
  • FIG. 3 is a configuration of governance and management of interconnected virtual private networks according to the present invention;
  • FIG. 4 is an interconnection configuration for governance of multiple inter-connected virtual private networks according to the present invention;
  • FIG. 5 is a flow chart showing contractual obligations according to the present invention;
  • FIG. 6 is a diagram illustrating end-to-end latency in a virtual private network having multiple service providers;
  • FIG. 7 is a diagram illustrating end-to-end availability in a virtual private network having multiple service providers;
  • FIG. 8 is a diagram illustrating trouble handling in a virtual private network having multiple service providers;
  • FIG. 9 is a diagram illustrating an accountability model for a single virtual private network having multiple service providers;
  • FIG. 10 is a diagram illustrating an accountability model for multiple virtual private networks having multiple service providers according to the present invention;
  • FIG. 11 is a diagram illustrating end-to-end interconnection of two virtual private networks according to the present invention;
  • FIG. 12 is a diagram illustrating a trouble escalation model for interconnection of two virtual private networks according to the present invention;
  • FIG. 13 is a diagram illustrating a multiple virtual private network fee model for interconnection of two virtual private networks according to the present invention;
  • FIG. 14 is a diagram illustrating interconnection of two virtual private networks using a single transit certified service provider according to the present invention;
  • FIG. 15 is a diagram illustrating interconnection of two virtual private networks using multiple transit certified service providers according to the present invention;
  • FIG. 16 is a diagram illustrating interconnection of multiple virtual private networks using multiple transit certified service providers, where no single transit certified service provider connects all of the virtual private networks according to the present invention; and
  • FIGS. 17 a-c are alternative configurations for interconnecting multiple virtual private networks according to the present invention.
  • DETAILED DESCRIPTION
  • FIG. 1 shows a block diagram of two interconnected virtual private networks 20 and 22. The present system and method of interconnecting multiple virtual private networks is not intended to be limited to only these types of networks and has applicability to a wide variety of virtual private networks.
  • Each virtual private network (VPN) 20 and 22 is shown having a trading partner (TP) 24 and 26, respectively. While FIG. 1 shows only one TP 24 and 26 for each virtual private network, there can in fact be hundreds or thousands of such TPs for each virtual private network. FIG. 1 is intended to define the end-to-end service quality concept, and for such a purpose, only one TP 24 and 26 is needed for each virtual private network 20 and 22.
  • The end-to-end service quality, provided by the present system and method of interconnecting multiple virtual private networks, cannot be achieved by simply interconnecting two virtual private networks, such as 20 and 22, with a wire. The end-to-end service quality incorporates a user-centric philosophy, where the user is the TP or subscriber. The user is guaranteed a minimum level of service encompassing factors that include: network services; interoperability; performance; reliability; disaster recovery and business continuity; security; customer care; and trouble handling. Simply connecting the two virtual private networks 20 and 22 with a wire will not achieve the minimum satisfactory levels for these factors.
  • To achieve such minimum levels of satisfactory performance for these factors the system and method must include a way to resolve disputes between the two virtual private networks. Referring to FIG. 2, each VPN 20 and 22 is shown as having its own governance, program management, competition policy, contracts, service assurance, and service description. While each virtual private network can operate with a successful level of end-to-end service quality when each VPN is not interconnected to another VPN, the governance, program management, competition policy, contracts, service assurance, and service description may need to be revised when interconnecting two or more VPNs in order to maintain the end-to-end service quality. It will be appreciated that at the very least the interconnection of at least two VPNs adds at least one additional level of complexity with regard to service between the VPNs.
  • One resolution is shown in FIG. 3, in which each of the VPNs 20 and 22 maintains its own governance, but the program management, competition policy, contracts, service assurance, and service description for the two VPNs 20 and 22 are unified. Such unification means that where the parameters for the program management, competition policy, contracts, service assurance, and service description of the two VPNs 20 and 22 are different, either the parameter used in one of the networks is chosen as the acceptable minimum standard, or a compromise parameter different from the parameter used in each of the VPNs is agreed upon. It is possible that the parameters for communication within each VPN need not change, while the new parameters are used only when communicating between VPNs. FIG. 3 further shows that the system and method contemplate connecting more than two VPNs.
  • One configuration for governance of multiple interconnected VPNs is shown in FIG. 4. In this scenario each VPN has its own program overseer (POVER) 30, and a global, or multiple virtual private networks, overseer (GOVER) 32 is provided to resolve issues between the POVERs 30. Arrows are shown between the POVERs 30 indicating that the POVERs 30 are free to resolve their issues without requiring the GOVER 32. The GOVER is called on when direct POVER-to-POVER resolution fails. Each of the POVERs 30 governs one of the regional VPNs, while the GOVER 32 oversees the interconnection of the VPNs.
  • The GOVER is responsible for end-to-end quality assurance, and in particular acts as an inter-VPN interconnection certifier. The GOVER certifies interconnection facilities, and certifies a global CASP-CASP trust model. The GOVER also is an inter-VPN arbitrator that steps in when POVERs cannot resolve trouble between them.
  • Since the VPNs are used to running their networks in isolation, the interconnection of multiple VPNs has unique issues such as resolving trouble and conflicts between the VPNs and maintenance of minimum end-to-end service quality across the multiple programs. Since the system and method of the present invention are directed to providing specific end-to-end service quality, it must be possible for TPs to quantify the end-to-end service quality levels, and these service quality levels must be sufficient to allow applications to work across the multiple VPNs. Therefore, a high level of metric compatibility and measurement techniques are required.
  • In the ANX type VPN each TP, CSP and CEPO must meet specified criteria to become certified and to maintain that certification. The certification provides the TPs or subscribers with confidence that the level of transport and security will meet their business needs. The ANX type VPN utilizes multiple CSPs. On one level it is easier to run a VPN where all TPs are required to use a single CSP. The use of multiple CSPs in the ANX type VPN fosters competition between the CSPs and allows the VPN to reach TPs that may not be serviced by a single CSP. The implementation of multiple CSPs, however, brings with it the drawback of ensuring that the CSPs can talk to one another. Whether the connection from one TP to another TP within the same VPN is through a single CSP or two CSPs should be invisible to the TPs. The TPs need never know when one or more CSPs are used for any particular connection. The certification process ensures that the TPs use one of the certified IPSec devices at their premises, and that the CSPs will utilize certified equipment and meet certain metrics so as to achieve the end-to-end service quality guaranteed to the TPs. In this manner, the multiple CSPs will be able to communicate with one another. The CSPs must meet business criteria, technical metrics, ongoing monitoring, trouble-handling criteria, routing registry criteria, and domain name registry criteria to achieve and maintain certification.
  • FIG. 5 shows the contractual obligations of the members of an ANX-type VPN. The TPs 40 contract with the VPN, as denoted in FIG. 5 by the arrows to the overseer 50, and contract with one of the multiple CSPs 42. The CSPs contract with the VPN and with the CEPO 44. The CEPO 44 contracts with the VPN. Each entity is responsible for the services that that entity provides.
  • The technical metrics for achieving end-to-end service quality in the ANX-type network include, among other metrics, latency and availability. FIG. 6 illustrates the end-to-end latency within the ANX network. The TP1 router 60 is connected to ANX CSP 1 62, which in turn is connected to ANX CEPO 64. TP2 router 66 is connected to ANX CSP 2 68, which is connected to ANX CEPO 64. The packet latency from each router 60 and 66 through the corresponding CSP is 125 msec. The latency through the ANX CEPO is on the order of microseconds. The total packet latency through the network is therefore only slightly more than 250 msec.
  • FIG. 7 illustrates the end-to-end availability metric. The access network between the TP1 router 60 and the ANX CSP 1 62 is permitted to be unavailable 43.80 hours/year. The ANX CSP 1 62 may only be unavailable 2.63 hrs./year. The trunk 65 between the ANX CSP 1 62 and the ANX CEPO 64 may only be unavailable 1.76 hrs./year. The ANX CEPO 64 may only be unavailable 0.44 hours/year. The foregoing availabilities yield a total of 99.895% availability or 9.22 hours per year downtime.
  • The outline for how trouble is handled within the ANX-type VPN is shown in FIG. 8. There are effectively five layers of trouble handling. At the first level trouble between TPs is handled directly between the two TPs. Similarly, issues between the TPs and the CSPs are handled between the two parties. CSPs and the CEPOs also resolve their troubles between the troubled parties. A network overseer is provided to handle troubles that cannot be handled in the foregoing scenarios. The overseer can take complaints from the TPs, the CSPs, and the CEPOs.
  • A key to providing predictable end-to-end service quality is that the TPs must know the level of service they receive. To this end four service provider accountability levels exist. First, service providers, both interconnect providers and CSPs, must timely fix infrequent service provider troubles. Second, there must be end-to-end service provider cooperation to handle any troubles. Third, recourse must be provided to resolve disputes in the event of disagreement between CSPs and/or interconnect providers. Fourth, recourse must be provided to resolve continued non-compliance with the end-to-end service quality.
  • Referring to FIGS. 9 and 10, charts for a single VPN and for interconnected VPNs are shown, respectively. In FIG. 9, the CSPs 70, CEPOs 72 and CASPs 74 are accountable to the POVER 76. The POVER 76 is accountable to the body 78 representing the TPs. The body 78 is accountable to a regional/national arbitration body 80. Where multiple VPNs are interconnected in FIG. 10, the CSPs 70, the CEPOs 72, and CASPs 74 are accountable to the POVERs 76. The POVERs 76 are accountable to a GOVER 77, which in turn is accountable to the body 78. The body 78, instead of being accountable to the regional/national arbitration body 80, is accountable to an international arbitration body 82.
  • The GOVER/POVER model is but one way to oversee the end-to-end service quality and metric compatibility. How the ANX-type networks are connected will be discussed below. In this context there must be five key types of end-to-end technology compatibility: (1) network interconnection that ensures a trading partner on one VPN can reach any trading partner on the other VPN; (2) routing compatibility that ensures any trading partner on one VPN can logically reach any TP on the other VPN; (3) naming compatibility, e.g. so the web names or e-mail names of any trading partner on one VPN can be resolved to an address that is routable over the two VPNs; (4) IPSec compatibility; and (5) digital security certificate compatibility across multiple VPNs. While FIGS. 9 and 10 refer to regional/national VPNs and international arbitration, the VPNs need not be limited to a specific country or geographical area. Any ANX-type VPN, regardless of the location of its subscribers, could be interconnected.
  • While FIG. 1 illustrated the interconnection of two VPNs 20 and 22, a significant element is missing. FIG. 11 shows two VPNs, each having multiple service providers, which are connected through an inter-program service provider, also called an interconnect provider. The TEL-2 specification is still used as the basic guide in determining the end-to-end service quality; however, regional or particular VPN peculiarities, referred to as deltas, must be considered when establishing the interconnected end-to-end service quality standards.
  • Returning to the GOVER/POVER model for overseeing interconnected VPNs, FIG. 12 illustrates an end-to-end trouble escalation model. It is expected that CSPs will work together to resolve trouble before contacting a POVER. Similarly, the POVERs and/or the POVERs and the interconnect provider are expected to work together to resolve trouble before contacting the GOVER.
  • When expanding from a single VPN to interconnected VPNs, the inherent costs of running the system naturally increase. How such costs are distributed is an important part of the system. As shown in FIG. 13, the POVERs 100 pay fees to the GOVER to offset the costs of maintaining the GOVER. The VPNs having multiple service providers in turn pay fees to support the POVER. Furthermore, the interconnect providers pay a certification fee to the GOVER for certification as an interconnect provider between VPNs.
  • There are multiple methods of interconnecting multiple VPNs with interconnect providers. As shown in FIG. 14, all the VPNs, having multiple service providers, can be interconnected using a single interconnect provider. Alternatively, all the VPNs can be interconnected by multiple interconnect providers, as shown in FIG. 15, thereby creating competition between the interconnect providers, just as there is competition between the CSPs in a single xNX-type VPN. Finally, as shown in FIG. 16, where no suitable interconnect provider is available to connect all the VPNs having multiple service providers, multiple interconnect providers are used. These interconnect providers service different combinations of VPNs. In FIG. 16, interconnect provider 120 interconnects VPNs having multiple service providers 122, 124, and 126. Interconnect provider 130 interconnects VPNs having multiple service providers 132 and 126. As a result, a TP of VPN 132 must connect through both Interconnect provider 130 and Interconnect provider 120 to reach TPs of either VPN 122 or 124.
  • How the multiple VPNs interconnect will directly affect the resulting end-to-end service quality. FIGS. 17 a-c illustrate potential configurations of multiple VPNs. In FIG. 17 a a first TP 200 connects to a first CSP 210. The CSP 210 connects to a first exchange point 220. The TP 200, CSP 210, and the exchange point 220 are within a first VPN 240. A second TP 250 connects to a second CSP 260, which connects to a second exchange point 270. The TP 250, CSP 260 and exchange point 270 are within a second VPN 280. The two VPNs 240 and 280 are interconnected by an Interconnect provider 300, which is connected to the exchange points 220 and 270.
  • In FIG. 17 b, TP 200, CSP 210, exchange point 220 and Interconnect provider 300 are connected in the same manner shown in FIG. 17 a. While the second TP 250 is connected to the CSP 260, the exchange point 270 is not provided. Instead CSP 260 is shown as connecting directly to the Interconnect provider 300. This embodiment encompasses the situation where the Interconnect provider 300 and CSP 260 are the same entity or are directly wired. FIG. 17 c is similar to FIG. 17 b, except that the Interconnect provider 300 also acts as a CSP 320, and a third TP 310 is connected directly to the Interconnect provider 300/CSP 320.
  • As stated previously, while the end-to-end service quality is based upon the TEL-2 specification, the degree to which the TEL-2 specification needs to be modified to interconnect multiple VPNs depends upon the chosen complexity of the interconnection. An xNX-type VPN uses a maximum of two CSPs between any two TPs. A larger value, either three or four, is needed for multiple VPNs. The Interconnect provider will account for one additional CSP, and for the configuration set forth in FIG. 16, two Interconnect providers are employed in addition to the two CSPs, yielding four CSPs.
  • Having described several embodiments of the system and method for interconnecting multiple virtual private networks in accordance with the present invention, it is believed that other modifications, variations and changes will be suggested to those skilled in the art in view of the description set forth above. It is therefore to be understood that all such variations, modifications and changes are believed to fall within the scope of the present invention as defined in the appended claims.
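The availability figures quoted for FIG. 7 and the latency figures quoted for FIG. 6 can be reproduced with a short budget calculation; this is an added example, not part of the patent text. Assumptions: the quoted total of 9.22 hours is taken to cover the symmetric path CSP 1, trunk, CEPO, trunk, CSP 2 with both access networks left out (the only combination of the quoted figures that sums to 9.22), and the CEPO latency value is a constructed placeholder for "on the order of microseconds".

```python
from math import prod

HOURS_PER_YEAR = 365 * 24  # 8760

# Permitted downtime per component in hours/year, as quoted for FIG. 7.
DOWNTIME_H = {"access": 43.80, "csp": 2.63, "trunk": 1.76, "cepo": 0.44}

# Assumption: the quoted 9.22 h total covers this symmetric provider path
# and excludes the access network at each end.
CORE_PATH = ("csp", "trunk", "cepo", "trunk", "csp")
# Same path as seen by the trading partners, access networks included.
FULL_PATH = ("access",) + CORE_PATH + ("access",)

# FIG. 6: 125 msec from each TP router through its CSP.
LATENCY_LEG_MS = 125.0
# Constructed placeholder for a CEPO latency "on the order of microseconds".
CEPO_LATENCY_MS = 0.01


def downtime_budget(path):
    """Worst-case yearly downtime: outages never overlap, so they add."""
    return sum(DOWNTIME_H[c] for c in path)


def availability_additive(path):
    """Availability implied by the additive (worst-case) budget."""
    return 1.0 - downtime_budget(path) / HOURS_PER_YEAR


def availability_independent(path):
    """Series system with independent failures: availabilities multiply."""
    return prod(1.0 - DOWNTIME_H[c] / HOURS_PER_YEAR for c in path)


def downtime_share(path):
    """Fraction of the additive budget consumed by each component type."""
    total = downtime_budget(path)
    share = {}
    for c in path:
        share[c] = share.get(c, 0.0) + DOWNTIME_H[c] / total
    return share


def latency_budget_ms(cepo_ms=CEPO_LATENCY_MS):
    """Two TP-router-through-CSP legs plus the exchange point."""
    return 2 * LATENCY_LEG_MS + cepo_ms


if __name__ == "__main__":
    for name, path in (("core", CORE_PATH), ("with access", FULL_PATH)):
        print(f"{name:12s} downtime {downtime_budget(path):6.2f} h/yr  "
              f"additive {100 * availability_additive(path):.3f}%  "
              f"independent {100 * availability_independent(path):.4f}%")
    print("largest contributor (with access):",
          max(downtime_share(FULL_PATH), key=downtime_share(FULL_PATH).get))
    print(f"latency budget {latency_budget_ms():.2f} ms")
```

Under these assumptions the provider path matches the quoted 99.895%, while adding the two access networks at the quoted 43.80 hours/year each lowers the subscriber-to-subscriber figure by about one percentage point.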
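The FIG. 16 arrangement and the CSP count discussed for it (two CSPs within one VPN, plus one additional CSP per interconnect provider) can be checked with a small path search; this is an added example, not part of the patent text. The labels `IP120`, `VPN122` and so on are hypothetical names built from the figure's reference numerals, and the rule "CSP count = 2 + interconnect providers traversed" is this example's reading of the description.

```python
from collections import deque
from itertools import combinations

# FIG. 16 as described: the VPNs each interconnect provider serves.
# Labels are hypothetical, formed from the figure's reference numerals.
INTERCONNECTS = {
    "IP120": {"VPN122", "VPN124", "VPN126"},
    "IP130": {"VPN132", "VPN126"},
}

# An xNX-type VPN uses a maximum of two CSPs between any two TPs.
CSPS_WITHIN_ONE_VPN = 2


def interconnect_path(src_vpn, dst_vpn, interconnects=INTERCONNECTS):
    """Return the shortest list of interconnect providers linking two VPNs.

    Breadth-first search over the VPN/provider graph. Returns [] when both
    TPs are in the same VPN and None when no chain of providers exists.
    """
    if src_vpn == dst_vpn:
        return []
    queue = deque([(src_vpn, [])])
    seen = {src_vpn}
    while queue:
        vpn, used = queue.popleft()
        for ip in sorted(interconnects):
            if vpn not in interconnects[ip] or ip in used:
                continue
            for nxt in sorted(interconnects[ip]):
                if nxt == dst_vpn:
                    return used + [ip]
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, used + [ip]))
    return None


def csp_equivalents(src_vpn, dst_vpn, interconnects=INTERCONNECTS):
    """CSP count for the end-to-end budget: each interconnect provider on
    the path accounts for one additional CSP. None if unreachable."""
    path = interconnect_path(src_vpn, dst_vpn, interconnects)
    if path is None:
        return None
    return CSPS_WITHIN_ONE_VPN + len(path)


def pairs_exceeding(limit, interconnects=INTERCONNECTS):
    """VPN pairs whose CSP count is above `limit` or that cannot connect."""
    vpns = sorted(set().union(*interconnects.values()))
    flagged = []
    for a, b in combinations(vpns, 2):
        count = csp_equivalents(a, b, interconnects)
        if count is None or count > limit:
            flagged.append((a, b))
    return flagged


if __name__ == "__main__":
    for a, b in (("VPN122", "VPN124"), ("VPN132", "VPN122")):
        print(a, "->", b, "via", interconnect_path(a, b),
              "CSP count", csp_equivalents(a, b))
    print("pairs needing a budget for four CSPs:", pairs_exceeding(3))
```

The pairs returned by `pairs_exceeding(3)` are the ones for which the end-to-end metrics would have to be set for four CSPs rather than three.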

Claims (15)

1. A system of interconnecting a plurality of virtual private networks, the system comprising:
a plurality of virtual private networks, each of the virtual private networks having multiple service providers;
at least one interconnect provider configured to connect the plurality of virtual private networks; and
a global overseer configured to ensure end-to-end service quality across multiple ones of the plurality of virtual private networks.
2. The system of claim 1, wherein end-to-end service quality across multiple ones of the plurality of virtual private networks includes maintaining minimum standards for cross network services, virtual private network interoperability, inter-network performance, inter-network reliability, disaster recovery and business continuity, inter-network security, inter-network customer care, and inter-network trouble handling across multiple ones of the plurality of virtual private networks.
3. The system of claim 2, wherein end-to-end service quality across multiple ones of the plurality of virtual private networks includes maintaining the minimum standards from a first subscriber of one of the plurality of virtual private networks to a second subscriber of another of the plurality of virtual private networks.
4. The system of claim 1, wherein end-to-end service quality across multiple ones of the plurality of virtual private networks includes maintaining packet latency below a maximum acceptable value between a first subscriber of one of the plurality of virtual private networks to a second subscriber of another of the plurality of virtual private networks.
5. The system of claim 1, wherein end-to-end service quality across multiple ones of the plurality of virtual private networks includes maintaining an operable connection within a maximum acceptable period of unavailability between a first subscriber of one of the plurality of virtual private networks to a second subscriber of another of the plurality of virtual private networks.
6. The system of claim 1, wherein each of the plurality of virtual private networks comprises a program overseer configured to ensure end-to-end service quality across its corresponding virtual private network.
7. The system of claim 6, wherein the global overseer is configured to resolve disputes between ones of the program overseers.
8. The system of claim 6, wherein the global overseer is configured to resolve disputes between one of the program overseers and the at least one interconnect provider.
9. The system of claim 6, wherein each of the program overseers is configured to resolve disputes between the multiple service providers within its corresponding virtual private network.
10. The system of claim 1, wherein the at least one interconnect provider includes at least two interconnect providers, wherein the at least two interconnect providers service at least one different virtual private network of the plurality of virtual private networks.
11. The system of claim 1, wherein end-to-end service quality includes a quantified end-to-end service quality level.
12. The system of claim 11, wherein the quantified end-to-end service quality is a parameter of operation of one of the plurality of virtual private networks.
13. A method of interconnecting at least one interconnect provider between a plurality of virtual private networks to ensure end-to-end service quality across multiple ones of the plurality of virtual private networks, each of the virtual private networks having multiple subscribers, multiple service providers, and at least one exchange point interconnecting the plurality of multiple service providers, the method comprising steps of:
providing at least one interconnect provider disposed between a first set of the multiple service providers in one of the plurality of virtual private networks and a second set of the multiple service providers in a second one of the plurality of virtual private networks; and
providing a global overseer coupled to the at least one interconnect provider, wherein the global overseer is configured to ensure end-to-end service quality across multiple ones of the plurality of virtual private networks.
14. The method of claim 13, further comprising a step of providing at least one exchange point between the first set of the multiple service providers and the at least one interconnect provider.
15. The method of claim 14, further comprising a step of providing at least one second exchange point between the second set of the multiple service providers and the at least one interconnect provider.
US11/382,139 1999-08-31 2006-05-08 System and Method for Interconnecting Multiple Virtual Private Networks Abandoned US20060227786A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/382,139 US20060227786A1 (en) 1999-08-31 2006-05-08 System and Method for Interconnecting Multiple Virtual Private Networks

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15156399P 1999-08-31 1999-08-31
US09/653,201 US7072964B1 (en) 1999-08-31 2000-08-31 System and method for interconnecting multiple virtual private networks
US11/382,139 US20060227786A1 (en) 1999-08-31 2006-05-08 System and Method for Interconnecting Multiple Virtual Private Networks

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/653,201 Continuation US7072964B1 (en) 1999-08-31 2000-08-31 System and method for interconnecting multiple virtual private networks

Publications (1)

Publication Number Publication Date
US20060227786A1 (en) 2006-10-12

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/653,201 Expired - Lifetime US7072964B1 (en) 1999-08-31 2000-08-31 System and method for interconnecting multiple virtual private networks
US11/382,139 Abandoned US20060227786A1 (en) 1999-08-31 2006-05-08 System and Method for Interconnecting Multiple Virtual Private Networks

Country Status (1)

Country Link
US (2) US7072964B1 (en)

US6622170B1 (en) * 1999-09-10 2003-09-16 International Business Machines Corporation System and method for DEN/LDAP client database access with a backoff capability
US6937574B1 (en) * 1999-03-16 2005-08-30 Nortel Networks Limited Virtual private networks and methods for their operation
US7194426B1 (en) * 1999-02-26 2007-03-20 Accenture Llp Customizing an electronic interface to the government

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6104701A (en) 1996-12-13 2000-08-15 International Business Machines Corporation Method and system for performing a least cost routing function for data communications between end users in a multi-network environment
US6097722A (en) * 1996-12-13 2000-08-01 Nortel Networks Corporation Bandwidth management processes and systems for asynchronous transfer mode networks using variable virtual paths
US6173399B1 (en) * 1997-06-12 2001-01-09 Vpnet Technologies, Inc. Apparatus for implementing virtual private networks
US6226748B1 (en) * 1997-06-12 2001-05-01 Vpnet Technologies, Inc. Architecture for virtual private networks
US6141409A (en) * 1997-11-13 2000-10-31 Ameritech Method of operating a virtual private network
US6148337A (en) * 1998-04-01 2000-11-14 Bridgeway Corporation Method and system for monitoring and manipulating the flow of private information on public networks
US6226751B1 (en) * 1998-04-17 2001-05-01 Vpnet Technologies, Inc. Method and apparatus for configuring a virtual private network
US6751729B1 (en) * 1998-07-24 2004-06-15 Spatial Adventures, Inc. Automated operation and security system for virtual private networks
US6788681B1 (en) * 1999-03-16 2004-09-07 Nortel Networks Limited Virtual private networks and methods for their operation
US6694437B1 (en) * 1999-06-22 2004-02-17 Institute For Information Technology System and method for on-demand access concentrator for virtual private networks

Also Published As

Publication number Publication date
US7072964B1 (en) 2006-07-04

Similar Documents

Publication Publication Date Title
US20060227786A1 (en) System and Method for Interconnecting Multiple Virtual Private Networks
US11218363B2 (en) Interconnection platform for real-time configuration and management of a cloud-based services exchange
CN108551464B (en) Connection establishment and data transmission method, device and system of hybrid cloud
US10230588B2 (en) Dynamically deployable self configuring distributed network management system using a trust domain specification to authorize execution of network collection software on hardware components
US8239520B2 (en) Network service operational status monitoring
KR101493312B1 (en) Control mechanism for reliability and availability setting in virtual networks
EP2076999B1 (en) Network service usage management systems and methods
KR20080008357A (en) Network services infrastructure systems and methods
WO2001016766A9 (en) System and method for interconnecting multiple virtual private networks
US10528759B2 (en) Application programming interface bridge for transporting a local request from a local client system to a target server system, and method thereof
JP2003520533A (en) Communication network
US20130138793A1 (en) Network information processing system, a network information processing apparatus and a data processing method
US20030149889A1 (en) Automatic communication and security reconfiguration for remote services
Cisco Release Notes for Cisco 7000 Family for Cisco IOS Release 12.2 T
US8364837B2 (en) Virtual web service
US11856117B1 (en) Autonomous distributed wide area network having control plane and order management on a blockchain
Fowler Cloud Network Engineering
Milinović et al. Deliverable DS5.1.1: eduroam Service Definition and Implementation Plan
Hughes Requirements of a middleware for managing a large, heterogeneous programmable network
Murphy et al. Comprehensive Routing Security Development and Deployment for the Internet
Cossu et al. D5.2: XIFI Core Backbone
CA2316428A1 (en) System and method for provisioning a virtual private network

Legal Events

Date Code Title Description
AS Assignment

Owner name: ANXEBUSINESS CORP., MICHIGAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SCIENCE APPLICATIONS INTERNATIONAL CORPORATION;REEL/FRAME:018490/0568

Effective date: 20061027

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION