logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8650618 B1

PDFFull Text
Date of Patent:
Feb. 11, 2014

Filed:

Jul. 22, 2009

Integrating service insertion architecture and virtual private network

Applicants:

Rajiv Asati, Morrisville, NC (US);

Mohamed Khalid, Cary, NC (US);

Sunil Cherukuri, Morrisville, NC (US);

Kenneth A. Durazzo, San Ramon, CA (US);

Shree Murthy, San Jose, CA (US);

Inventors:

Rajiv Asati, Morrisville, NC (US);

Mohamed Khalid, Cary, NC (US);

Sunil Cherukuri, Morrisville, NC (US);

Kenneth A. Durazzo, San Ramon, CA (US);

Shree Murthy, San Jose, CA (US);

Assignee:

Cisco Technology, Inc., San Jose, CA (US);

Attorney:

Hickman Palermo Truong Becker Bingham Wong LLP

Primary Examiner:

Beemnet Dada

Int. Cl.
CPC ...
G06F 7/04 (2006.01);
U.S. Cl.
CPC ...
Abstract

Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker. The dynamic mapping facilitates providing differentiated services in the SIA by facilitating forwarding an IPSec packet received on the IPSec VPN tunnel from the user to a service node associated with the SIA service based, at least in part, on the IPSec SADB entry modified using the service information.

Find Patent Forward Citations

Loading…