WO2009058058A1 - A method and a device for improved connectivity in a vpn - Google Patents


Info

Publication number
WO2009058058A1
Authority
WO
WIPO (PCT)
Prior art keywords
hvpn
messages
connectivity
gateway
router
Application number
PCT/SE2007/050799
Other languages
French (fr)
Inventor
Hans-Åke LUND
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/2803 Home automation networks
    • H04L 12/283 Processing of data at an internetworking point of a home automation network
    • H04L 12/2834 Switching of information between an external network and a home network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/02 Details
    • H04L 12/16 Arrangements for providing special services to substations
    • H04L 12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L 12/1836 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with heterogeneous network architecture
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/46 Interconnection of networks
    • H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • a method and a device for improved connectivity in a VPN are described.
  • the present invention discloses a method for use in a computer network such as a Virtual Private Network, a VPN, the network being able to comprise a plurality of devices which can communicate with each other via at least a first and a second kind of connectivity.
  • the method is intended for the case when a first device of the VPN connects to the VPN via a first gateway which is external to the VPN.
  • in home Local Area Networks, LANs, several technologies which are used for devices in home LANs depend on the existence of so called IP Multicast and/or Broadcast connectivity between the devices. This is applicable to, for example, the so called DLNA technology, Digital Living Network Alliance, which uses UPnP, Universal Plug and Play, for service discovery.
  • the dependency on IP Broadcast also exists for the Windows file-sharing protocol known as CIFS, Common Internet File System, when used in a home LAN between, for example, devices based on Windows and Linux.
  • the dependency will also usually exist for IP address assignment methods like DHCP, Dynamic Host Configuration Protocol.
  • if a home LAN such as a home VPN, a HVPN, is geographically distributed over more than one location, so that devices of the HVPN need to connect to the HVPN via gateways which are external to the HVPN, and the connection between the HVPN devices relies on IP only, the Multicast and Broadcast connectivities will not function, since IP Multicast and Broadcast are filtered out in the access network for security and scalability reasons.
  • the need for IP Multicast and Broadcast connectivity between devices in a home VPN is apparent if, for example one part of the home VPN is hosted by an access or service operator, and the rest of the home VPN is still "at home", a need which becomes even more apparent in a so called Home Virtual Private Network, a home VPN.
  • Such a solution is offered by the present invention in that it discloses a method for use in a computer network such as a Home Virtual Private Network, a HVPN, the network being able to comprise a plurality of devices which can communicate with each other via at least a first and a second kind of connectivity.
  • the method of the invention is intended for the case when a gateway which is external to the HVPN is or has been connected to the HVPN, and a first device of the HVPN connects to the HVPN via said external gateway, so that the first device is "external" to the HVPN while still belonging to it logically.
  • first and second connections are established between the HVPN and the external gateway for sending messages of said first and second connectivity respectively between the external gateway and the HVPN.
  • messages between the HVPN and the first device are recognized by the network or the external gateway as being of either said first or second connectivity, and depending on a message's type of connectivity, the message is sent via the appropriate connection between the first device and the HVPN.
  • since the network which uses the invention will have the ability to recognize devices which logically belong to the VPN but which are geographically located outside of the VPN, and will also be able to accommodate the special needs those "outside devices" have for communication with their VPN via the gateway, the problems mentioned above can be solved.
  • the first kind of connectivity is Unicast
  • the second kind is Multicast and/or Broadcast.
  • the first device connects to the network via an IP connection.
  • the connection used for Broadcast and/or Multicast messages may be an IP data tunnel which uses the L3 (network) layer.
  • the connection used for Unicast is ordinary routed transmission, where the devices send data packets directly to each other, since the transmitting device knows the IP address of the receiving device.
  • the first gateway identifies which of a plurality of VPNs that the device belongs to by means of information stored externally to the gateway, suitably but not necessarily in a so called AAA-server, Authentication, Authorization and Accounting.
  • the VPN connects to the gateway via a so called Residential gateway, i.e. a gateway which is part of the VPN.
  • Residential Gateway can comprise a function for recognizing outgoing messages of the second kind of connectivity, and also for encapsulating such outgoing messages into IP tunnel messages.
  • a device in the VPN can comprise a function for recognizing outgoing messages of the second kind of connectivity, and for encapsulating such outgoing messages into IP tunnel messages.
  • incoming messages to the HVPN may be decapsulated by the Residential Gateway and sent to the proper destination in the HVPN, or the decapsulation may alternatively be carried out by a function in the VPN.
  • the invention also comprises a router for use as the Residential Gateway mentioned above.
  • Fig 1 shows a system in which a first embodiment of the invention is employed
  • Fig 2 shows a system in which a second embodiment of the invention is employed
  • Fig 3 shows a schematic flowchart of a method of the invention
  • Fig 4 shows a block diagram of a router of the invention.
  • Fig 1 shows a system 100 in which a first embodiment of the invention is employed.
  • the system 100 comprises a Home Virtual Private Network, a HVPN 110, which is connected to a residential gateway, RG 130, which may be a part of the HVPN 110, or external to it.
  • the HVPN 110 is by means of the RG 130 connected to a second gateway GW2 170, which is external to the HVPN 110.
  • the invention is intended for a case when a device which belongs to the HVPN 110 but is geographically situated outside of it wishes to communicate with another device belonging to the HVPN, said other device suitably being located inside of the HVPN geographically, although the invention may also be used to cover the case when two devices of the HVPN 110 need to communicate with each other, and both devices are located geographically outside of the home or office etc to which the HVPN belongs.
  • fig 1 shows a first device D1 112 which belongs to the HVPN 110 and which is situated inside of it geographically, and a second device D2 180 of the HVPN which is situated outside of the HVPN geographically.
  • the invention is intended to address the case when certain kinds of connectivities are used or need to be used between the two devices D1 and D2.
  • Examples of such connectivities are so called Multicast and Broadcast, although a person skilled in the art will realize that the principles of the invention described in this text may be applied to other kinds of connectivities as well.
  • the invention proposes a solution by means of which Multicast and/or Broadcast messages are identified and encapsulated into tunnelled IP packets, and then exchanged between the parties in the communication over an IP tunnel. Messages which are not Multicast or Broadcast, i.e. Unicast, are identified as such, and are exchanged between the devices D1 and D2 via an "ordinary" connection, i.e. directly by means of the receiving device's IP address.
  • the tunnel for Multicast and/or Broadcast is preferably established in the following manner:
  • if D2 180 and D1 112 are part of the same HVPN, in this case the HVPN 110, the two tunnels 122 and 124 are connected to each other in GW2, so that D1 and D2 can exchange Broadcast and Multicast messages.
  • the device D2 may be one of a variety of different devices which can be used in a HVPN, such as, for example, cellular telephones and portable computers.
  • the GW2 receives information from the device D2 regarding, inter alia, the identity of the device D2. This information is sent by the GW2 to a server in the system, a so called AAA server 175 (Authentication, Authorization, Accounting) which has information about all authorized devices, including which HVPN, if any, that they belong to.
  • the AAA server returns information to the GW2 regarding the device which is trying to connect, in this case the device D2, among which information in this case is the fact that the device D2 belongs to a specific HVPN, the HVPN 110.
  • the GW2 is able to connect the two tunnels 122 and 124.
  • the tunnel between the HVPN 110 and the device D2 180 can also be seen as comprising a number of segments, in this case the two tunnels 122 and 124.
  • the RG 130 has an ordinary connection 120, i.e. not a tunnel, to the HVPN 110, said ordinary connection being, for example, Ethernet, WLAN or USB, Universal Serial Bus.
  • RG 130 which can identify and encapsulate outgoing Multicast and/or Broadcast signalling packets into tunnelled IP packets.
  • the function in the RG 130 classifies outgoing signalling packets by means of user-configured rules which determine whether an outgoing packet needs to be encapsulated into so called tunnelled IP packets and sent via the tunnel 122, the encapsulation suitably being, for example, IP-in-IP or GRE, Generic Routing Encapsulation.
  • the RG 130 also needs to comprise a function for decapsulating signalling packets which are received from GW2 over the tunnel.
  • the RG 130 is shown as comprising the following three functions:
  • an Ethernet Switch, ES 140, which may be optional if there, for example, is only one device in the HVPN
  • a Broadcast/Multicast function, B/M150 which serves to identify and to encapsulate outgoing broadcast and multicast messages into IP tunnel messages, and to identify and decapsulate incoming such messages
  • a DSL modem 160 will only be comprised in the RG or the HVPN if a DSL connection is used.
  • the DSL modem may be replaced by corresponding functions for other types of connections, such as FTTH, Fibre to The Home, Ethernet or a residential broadband connection.
  • gateway GW2 170 also needs to comprise functions for encapsulating and decapsulating signalling packets to and from the HVPN, suitably in the following manner:
  • Encapsulated packets which are received over the tunnel 122 from the HVPN should be decapsulated by the GW2 and then forwarded to their end destination, i.e. in this case the device D2.
  • a decapsulated packet may be encapsulated in GW2 before it is forwarded to D2, depending on the functionality in D2, since not all devices have a decapsulating function.
  • Messages which are received from the device D2 should be recognised as being Multicast and/or Broadcast messages, and encapsulated into IP tunnelling messages before being forwarded to their destination, i.e. the RG 130. These messages will in the embodiment shown in fig 1 be decapsulated in the RG 130.
  • the network needs a means for forwarding messages between D1 and D2 which have not been classified as Multicast or Broadcast, i.e. Unicast messages.
  • a connection for such messages is set up, i.e. a connection for IP Unicast packets is set-up between D1 and D2, since this is the standard behaviour for routed IP connectivity mechanisms at present.
  • Fig 2 shows a system 200 in which a second embodiment of the invention is applied.
  • Components or functions in fig 2 which correspond to those of fig 1 have been given the same reference numbers as in fig 1 , and will not be explained in depth again.
  • the function B/M 150 for recognising and encapsulating outgoing Broadcast/Multicast messages and for decapsulating incoming messages from the tunnel from the device D2 has been placed inside the HVPN instead of in the RG 130, as shown in fig 1.
  • the B/M function may be implemented as a software application on a device such as a PC in the HVPN.
  • the decapsulating of messages to the device D2 which has been described previously as being carried out in the GW2 can instead of course be carried out by such a function in D2, in which case the GW2 will not decapsulate messages, but will instead merely forward them encapsulated to the device D2.
  • Fig 3 shows a rough flow chart of a method 300 of the invention. Steps which are options or alternatives are shown with dashed lines.
  • the method 300 is intended for the case, step 310, when a gateway 170 which is external (X-GW) to the HVPN is or has been connected to the HVPN and, step 315, a first device such as the device D2 180 shown in figs 1 and 2 of the HVPN connects to the HVPN via the external gateway 170, so that the first device 180 is "external" to the HVPN while still belonging to it.
  • step 320 when the external gateway is or has been connected to the HVPN, first and second means are established between the HVPN and the external gateway 170 for sending messages of the first and second connectivity (C1 , C2) respectively between the external gateway and the HVPN.
  • messages between the HVPN 110 and the first device 180 are recognized, step 325, by the HVPN or the external gateway as being of either the first or the second kind of connectivity, and depending on a message's type of connectivity, the message is sent, step 330, via the appropriate means between the first device and the HVPN.
  • the expression “sends via the appropriate means” should here be seen as encompassing encapsulation or decapsulation when needed.
  • the first kind of connectivity can be Unicast and the second kind may be Multicast or Broadcast.
  • Step 340 shows that the first device 180 connects to the external gateway 170 via an IP connection.
  • the means used for Broadcast and/or Multicast messages may be an IP data tunnel which uses the L3 (network) layer.
  • the means used for Unicast may suitably be an ordinary connection for IP Unicast packets.
  • the external gateway identifies which of a plurality of VPNs that the device belongs to by means of information stored externally to the external gateway, suitably in a so called AAA-server 175, Authentication, Authorization and Accounting.
  • the HVPN 110 may connect to the external gateway 170 via a so called Residential Gateway 130 (RG), i.e. a gateway which is part of the VPN.
  • the Residential Gateway 130 may comprise a function 150 for recognizing outgoing Broadcast and/or Multicast messages, and for encapsulating such outgoing messages into IP tunnel messages.
  • the Residential Gateway 130 may comprise a function for decapsulating incoming messages from the tunnel and for forwarding such messages to the proper destination in the HVPN 110.
  • the HVPN 110 may comprise a function 150 for recognizing outgoing Broadcast and/or Multicast messages and for encapsulating such outgoing messages into IP tunnel messages, and/or also for decapsulating incoming messages from the tunnel and for forwarding such messages to the proper destination in the HVPN.
  • Fig 4 shows a rough block diagram of a router 400 of the invention. Components which are options or alternatives are shown in dashed lines.
  • the router 400 is intended for use as a Residential Gateway such as the one 130 in figs 1 and 2 in a computer network such as the one 110 in those figures, i.e. for example a Home Virtual Private Network, a HVPN.
  • the network in which the router may be used can comprise devices such as D1 and D2 of figs 1 and 2, which can communicate with each other via at least a first and a second kind of connectivity, and as indicated in block 410, the router 400 comprises means for connecting a HVPN, in which the router is used as a Residential Gateway, to a gateway, GW, which is external to the HVPN.
  • the inventive router comprises means 420 for establishing first and second kinds of communication, C1 , C2, to the external gateway 170 for exchanging messages of the first and second connectivities respectively between the external gateway 170 and the HVPN 110 of the router.
  • the router 400 also comprises means, block 430, for recognizing messages between the HVPN 110 of the router and the external gateway as being of either the first or second kind of connectivity, and the router comprises means, block 440, for sending a message via the appropriate means between the first device and the HVPN, depending on the message's type of connectivity.
  • the first kind of connectivity is Unicast and the second kind is Multicast or Broadcast
  • the kind of communication used for Broadcast and/or Multicast may be an IP data tunnel which uses the L3 (network) layer, while Unicast uses an ordinary routed IP connection.
  • Block 450 shows that the router 400 of the invention may further comprise means for encapsulating outgoing messages of the second kind of connectivity into IP tunnel messages, and, as shown in block 460, may also comprise means for decapsulating incoming messages from the tunnel as well as means for forwarding such messages to the proper destination in the HVPN 110.

Abstract

A method (300) for a HVPN which comprises devices (112, 180) which communicate with each other via a first and a second kind of connectivity. The method (300) is used when a gateway (170) external to the HVPN is connected to the HVPN (310) and a first device (180) of the HVPN connects to the HVPN via said external gateway (170) (315). First and second means are established between the HVPN and the external gateway (170) for sending messages of said first and second connectivity respectively between the external gateway and the HVPN. Messages between the HVPN (110) and the first device (180) are recognized (325) as being of said first or second kind of connectivity, and are sent (330) via the appropriate means between the first device and the HVPN.

Description

TITLE
A method and a device for improved connectivity in a VPN.
TECHNICAL FIELD
The present invention discloses a method for use in a computer network such as a Virtual Private Network, a VPN, the network being able to comprise a plurality of devices which can communicate with each other via at least a first and a second kind of connectivity. The method is intended for the case when a first device of the VPN connects to the VPN via a first gateway which is external to the VPN.
BACKGROUND
In home Local Area Networks, LANs, several technologies which are used for devices in home LANs depend on the existence of so called IP Multicast and/or Broadcast connectivity between the devices. This is applicable to, for example, the so called DLNA technology, Digital Living Network Alliance, which uses UPnP, Universal Plug and Play, for service discovery.
The dependency on IP Broadcast also exists for the Windows file-sharing protocol known as CIFS, Common Internet File System, when used in a home LAN between, for example, devices based on Windows and Linux. The dependency will also usually exist for IP address assignment methods like DHCP, Dynamic Host Configuration Protocol.
If a home LAN such as a home VPN, a HVPN, is geographically distributed over more than one location, so that devices of the HVPN need to connect to the HVPN via gateways which are external to the HVPN, and the connection between the HVPN devices relies on IP only, the Multicast and Broadcast connectivities will not function, since IP Multicast and Broadcast are filtered out in the access network for security and scalability reasons. However, the need for IP Multicast and Broadcast connectivity between devices in a home VPN is apparent if, for example, one part of the home VPN is hosted by an access or service operator while the rest of the home VPN is still "at home"; the need becomes even more apparent in a so called Home Virtual Private Network, a home VPN.
There is also a need for Multicast and Broadcast signalling between devices in a home LAN which use different access technologies, such as, for example, DSL and GPRS.
SUMMARY
As explained above, there is thus a need for a solution by means of which not only Unicast but also Broadcast and Multicast connectivities can be enabled in a LAN, particularly a home LAN such as a home VPN, for devices which belong to the VPN logically but which are located geographically outside of the LAN/home VPN. Suitably, the solution should also be able to accommodate other kinds of different connectivities between LAN/VPN devices which are geographically "inside" and/or "outside" of the LAN/home VPN.
Such a solution is offered by the present invention in that it discloses a method for use in a computer network such as a Home Virtual Private Network, a HVPN, the network being able to comprise a plurality of devices which can communicate with each other via at least a first and a second kind of connectivity.
The method of the invention is intended for the case when a gateway which is external to the HVPN is or has been connected to the HVPN, and a first device of the HVPN connects to the HVPN via said external gateway, so that the first device is "external" to the HVPN while still belonging to it logically. According to the method, when the external gateway is or has been connected to the HVPN, first and second connections are established between the HVPN and the external gateway for sending messages of said first and second connectivity respectively between the external gateway and the HVPN. In addition, messages between the HVPN and the first device are recognized by the network or the external gateway as being of either said first or second connectivity, and depending on a message's type of connectivity, the message is sent via the appropriate connection between the first device and the HVPN.
Thus, since the network which uses the invention will have the ability to recognize devices which logically belong to the VPN but which are geographically located outside of the VPN, and will also be able to accommodate the special needs those "outside devices" have for communication with their VPN via the gateway, the problems mentioned above can be solved.
In a particular embodiment of the invention, the first kind of connectivity is Unicast, and the second kind is Multicast and/or Broadcast. Also, in one embodiment of the invention, the first device connects to the network via an IP connection.
The connection used for Broadcast and/or Multicast messages may be an IP data tunnel which uses the L3 (network) layer. The connection used for Unicast is ordinary routed transmission, where the devices send data packets directly to each other, since the transmitting device knows the IP address of the receiving device.
Suitably, according to the method of the invention, when the first device connects to the network, the first gateway identifies which of a plurality of VPNs that the device belongs to by means of information stored externally to the gateway, suitably but not necessarily in a so called AAA-server, Authentication, Authorization and Accounting.
In one embodiment of the invention, the VPN connects to the gateway via a so called Residential Gateway, i.e. a gateway which is part of the VPN. The Residential Gateway can comprise a function for recognizing outgoing messages of the second kind of connectivity, i.e. Multicast and/or Broadcast, and also for encapsulating such outgoing messages into IP tunnel messages. As an alternative, a device in the VPN can comprise a function for recognizing outgoing messages of the second kind of connectivity, and for encapsulating such outgoing messages into IP tunnel messages.
Similarly, incoming messages to the HVPN may be decapsulated by the Residential Gateway and sent to the proper destination in the HVPN, or the decapsulation may alternatively be carried out by a function in the VPN.
The invention also comprises a router for use as the Residential Gateway mentioned above.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be described in more detail in the following, with reference to the appended drawings, in which
Fig 1 shows a system in which a first embodiment of the invention is employed, and
Fig 2 shows a system in which a second embodiment of the invention is employed, and
Fig 3 shows a schematic flowchart of a method of the invention, and
Fig 4 shows a block diagram of a router of the invention.
DETAILED DESCRIPTION
Fig 1 shows a system 100 in which a first embodiment of the invention is employed. The system 100 comprises a Home Virtual Private Network, a HVPN 110, which is connected to a residential gateway, RG 130, which may be a part of the HVPN 110, or external to it. The HVPN 110 is by means of the RG 130 connected to a second gateway GW2 170, which is external to the HVPN 110.
As has been explained above, the invention is intended for a case when a device which belongs to the HVPN 110 but is geographically situated outside of it wishes to communicate with another device belonging to the HVPN, said other device suitably being located inside of the HVPN geographically, although the invention may also be used to cover the case when two devices of the HVPN 110 need to communicate with each other, and both devices are located geographically outside of the home or office etc to which the HVPN belongs.
Thus, fig 1 shows a first device D1 112 which belongs to the HVPN 110 and which is situated inside of it geographically, and a second device D2 180 of the HVPN which is situated outside of the HVPN geographically.
In particular, the invention is intended to address the case when certain kinds of connectivities are used or need to be used between the two devices D1 and D2. Examples of such connectivities are so called Multicast and Broadcast, although a person skilled in the art will realize that the principles of the invention described in this text may be applied to other kinds of connectivities as well.
Thus, in the system 100 of fig 1, if one of the devices D1 or D2 uses so called Multicast or Broadcast connectivity to exchange messages with the other device, D2 or D1, and plain routed IP is used between the devices, the connection between the two devices will be shut down or not established at all, since Broadcast and Multicast are not carried across the routed access network (they are filtered out, as noted above, for security and scalability reasons). In order to address this problem, the invention proposes a solution by means of which Multicast and/or Broadcast messages are identified and encapsulated into tunnelled IP packets, and then exchanged between the parties in the communication over an IP tunnel. Messages which are not Multicast or Broadcast, i.e. Unicast, are identified as such, and are exchanged between the devices D1 and D2 via an "ordinary" connection, i.e. directly by means of the receiving device's IP address.
The tunnel for Multicast and/or Broadcast is preferably established in the following manner:
• When the RG 130 is initially connected to the GW2 170, a first IP tunnel 122 is established between the RG and the GW2 by means of built-in functionality in the RG and the GW2.
• When the "outside" device D2 180 connects to GW2, a second IP tunnel 124 is established between D2 and GW2 by means of built-in functionality in D2 and the GW2.
• If D2 180 and D1 112 are part of the same HVPN, in this case the HVPN 110, the two tunnels 122 and 124 are connected to each other in GW2, so that D1 and D2 can exchange Broadcast and Multicast messages.
The device D2 may be one of a variety of different devices which can be used in a HVPN, such as, for example, cellular telephones and portable computers.
When the device D2 180 initially attempts to connect to the system 100, this will be done via the GW2, since that is the nearest node of the system 100. The GW2 receives information from the device D2 regarding, inter alia, the identity of the device D2. This information is sent by the GW2 to a server in the system, a so called AAA server 175 (Authentication, Authorization, Accounting) which has information about all authorized devices, including which HVPN, if any, that they belong to.
Thus, the AAA server returns information to the GW2 regarding the device which is trying to connect, in this case the device D2, among which information in this case is the fact that the device D2 belongs to a specific HVPN, the HVPN 110. By means of this information, the GW2 is able to connect the two tunnels 122 and 124.
The tunnel between the HVPN 110 and the device D2 180 can also be seen as comprising a number of segments, in this case the two tunnels 122 and 124. The RG 130 has an ordinary connection 120, i.e. not a tunnel, to the HVPN 110, said ordinary connection being, for example, Ethernet, WLAN or USB, Universal Serial Bus.
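The tunnel set-up and AAA lookup described above, as an added example that is not part of the patent or of any Ericsson implementation; the device identifiers, the contents of the AAA directory and the in-memory model of tunnels 122 and 124 are assumptions made for illustration. GW2 sets up a device's tunnel 124 only after the AAA server 175 attributes that device to an HVPN, binds the tunnel to that HVPN once, and forwards frames only between tunnels bound to the same HVPN. The check worth noticing is that the HVPN is never taken from anything the device itself sends: if it were, a device could bridge its Broadcast/Multicast traffic (DHCP, UPnP discovery) into another subscriber's home network through the same gateway.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed AAA directory (assumed data; the patent only says the AAA server knows
# all authorised devices and which HVPN, if any, each belongs to).
AAA_DIRECTORY: Dict[str, str] = {
    "dev-d2-phone": "hvpn-110",          # D2 of fig 1, a phone belonging to HVPN 110
    "dev-neighbour-laptop": "hvpn-220",  # a device of a different subscriber's HVPN
}


def aaa_lookup(device_id: str) -> Optional[str]:
    """GW2's query to the AAA server 175: the HVPN of an authorised device, else None."""
    return AAA_DIRECTORY.get(device_id)


@dataclass
class Tunnelled:
    """A Broadcast/Multicast packet as carried inside the IP tunnel."""
    hvpn_id: str
    inner: bytes


@dataclass
class Gateway:
    """Model of GW2 170: one tunnel 122 per connected RG, one tunnel 124 per outside device."""
    rg_inbox: Dict[str, List[Tunnelled]] = field(default_factory=dict)  # hvpn_id -> frames towards its RG
    device_hvpn: Dict[str, str] = field(default_factory=dict)           # device_id -> HVPN bound at connect
    device_decaps: Dict[str, bool] = field(default_factory=dict)        # device_id -> can decapsulate itself
    device_inbox: Dict[str, list] = field(default_factory=dict)         # device_id -> frames towards device

    def rg_connect(self, hvpn_id: str) -> None:
        """Tunnel 122 comes up when the RG of an HVPN first connects to GW2."""
        self.rg_inbox.setdefault(hvpn_id, [])

    def device_connect(self, device_id: str, can_decapsulate: bool) -> bool:
        """Tunnel 124 is set up only after the AAA answer attributes the device to an HVPN.
        The binding is fixed here, once, and is never taken from the device's own packets."""
        hvpn_id = aaa_lookup(device_id)
        if hvpn_id is None or hvpn_id not in self.rg_inbox:
            return False  # unknown device, or its HVPN has no RG tunnel to stitch to
        self.device_hvpn[device_id] = hvpn_id
        self.device_decaps[device_id] = can_decapsulate
        self.device_inbox[device_id] = []
        return True

    def from_rg(self, hvpn_id: str, inner: bytes) -> int:
        """Packet decapsulated from the tunnel 122 of `hvpn_id`: deliver it to every device bound
        to that HVPN, re-encapsulating only for devices that can decapsulate themselves.
        Returns the number of devices it was forwarded to."""
        count = 0
        for device_id, bound in self.device_hvpn.items():
            if bound != hvpn_id:
                continue  # never cross between HVPNs, whatever the packet says
            frame = Tunnelled(hvpn_id, inner) if self.device_decaps[device_id] else inner
            self.device_inbox[device_id].append(frame)
            count += 1
        return count

    def from_device(self, device_id: str, inner: bytes) -> bool:
        """Broadcast/Multicast packet arriving over tunnel 124: encapsulate and send it to the RG
        of the HVPN this tunnel was bound to at connect time."""
        hvpn_id = self.device_hvpn.get(device_id)
        if hvpn_id is None:
            return False  # no authorised tunnel 124 for this device
        self.rg_inbox[hvpn_id].append(Tunnelled(hvpn_id, inner))
        return True


def scenario() -> Gateway:
    """Fig 1 walk-through: two RGs connect, D2 joins and is stitched to HVPN 110 only."""
    gw = Gateway()
    gw.rg_connect("hvpn-110")
    gw.rg_connect("hvpn-220")
    gw.device_connect("dev-d2-phone", can_decapsulate=False)
    gw.device_connect("dev-neighbour-laptop", can_decapsulate=True)
    gw.device_connect("dev-unknown", can_decapsulate=True)    # rejected: not known to AAA
    gw.from_device("dev-d2-phone", b"SSDP M-SEARCH from D2")  # reaches RG 130 of HVPN 110 only
    gw.from_rg("hvpn-110", b"SSDP NOTIFY from D1")            # reaches D2 only, already decapsulated
    return gw


if __name__ == "__main__":
    gw = scenario()
    for hvpn_id, frames in gw.rg_inbox.items():
        print(hvpn_id, [f.inner for f in frames])
    for device_id, frames in gw.device_inbox.items():
        print(device_id, frames)
```

The `can_decapsulate` flag models the remark in the description that not all devices have a decapsulating function: GW2 hands such a device the bare inner packet and keeps the tunnel framing only for devices that can strip it themselves.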
Since a tunnel to the device D2 has now been established, there is a need for a function in the Residential Gateway, RG 130, which can identify and encapsulate outgoing Multicast and/or Broadcast signalling packets into tunnelled IP packets. The function in the RG 130 will classify outgoing signalling packets by means of user configured rules which will be used to determine if an outgoing packet needs to be encapsulated into so called tunnelled IP packets and sent via the tunnel 122, the encapsulation suitably being, for example, IP-in-IP or GRE, Generic Routing Encapsulation.
In addition, the RG 130 also needs to comprise a function for decapsulating signalling packets which are received from GW2 over the tunnel.
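As an added illustration, not part of the patent text, the following Python example implements the classification and tunnelling just described for IPv4: it decides whether a packet's destination is Unicast, Broadcast or Multicast, applies a hypothetical user configured rule set for which Multicast groups are tunnelled, wraps the selected packets in a GRE-in-IPv4 tunnel (RFC 2784 base header, protocol type 0x0800) and decapsulates them on the far side. The home subnet 192.168.1.0/24, the tunnel endpoint addresses, the SSDP-style datagram and the rule set are constructed for the example. The decapsulating side additionally refuses a Unicast packet arriving inside the tunnel, a check the description does not mention but which prevents the Broadcast/Multicast tunnel from being used to bypass the ordinary routed path. Neither GRE nor IP-in-IP provides confidentiality or integrity for the tunnelled packets; the example assumes the tunnel between RG and GW2 runs over an otherwise protected path.

```python
"""Added example: classify IPv4 packets and carry broadcast/multicast over GRE-in-IPv4."""
import ipaddress
import struct

IPPROTO_GRE = 47
IPPROTO_UDP = 17
ETHERTYPE_IPV4 = 0x0800
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
HOME_NET = ipaddress.IPv4Network("192.168.1.0/24")      # assumed HVPN subnet (constructed)

# Hypothetical user configured rule set for the B/M function 150: broadcast is always
# tunnelled; multicast only for link-local groups (e.g. mDNS 224.0.0.251) and SSDP.
TUNNEL_MULTICAST_GROUPS = [
    ipaddress.IPv4Network("224.0.0.0/24"),
    ipaddress.IPv4Network("239.255.255.250/32"),
]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; over a complete valid header it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options, no fragmentation) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, lengths and header checksum; return the fields we need."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("bad length")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "proto": pkt[9], "payload": pkt[ihl:total_len]}


def classify(dst: str, local_net: ipaddress.IPv4Network = HOME_NET) -> str:
    """Kind of connectivity a packet uses, as the B/M function must decide it."""
    a = ipaddress.IPv4Address(dst)
    if a == LIMITED_BROADCAST or a == local_net.broadcast_address:
        return "broadcast"
    if a.is_multicast:
        return "multicast"
    return "unicast"


def needs_tunnel(dst: str, local_net: ipaddress.IPv4Network = HOME_NET) -> bool:
    """Rule-based decision: tunnel 122, or the ordinary routed (unicast) connection."""
    kind = classify(dst, local_net)
    if kind == "broadcast":
        return True
    if kind == "multicast":
        return any(ipaddress.IPv4Address(dst) in net for net in TUNNEL_MULTICAST_GROUPS)
    return False


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Outer IPv4 (proto 47) + 4-byte GRE header (no C/K/S bits, version 0) + inner packet."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_GRE,
                      struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner)


def gre_decapsulate(outer_pkt: bytes, local_net: ipaddress.IPv4Network = HOME_NET) -> bytes:
    """Strip outer IPv4 + GRE and refuse anything the B/M tunnel is not meant to carry."""
    outer = parse_ipv4(outer_pkt)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("not GRE")
    gre = outer["payload"]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007 or flags & 0x4000:        # version must be 0; routing (R) bit unsupported
        raise ValueError("unsupported GRE header")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE protocol type 0x%04x" % ptype)
    hdr_len = 4 + 4 * bool(flags & 0x8000) + 4 * bool(flags & 0x2000) + 4 * bool(flags & 0x1000)
    inner_pkt = gre[hdr_len:]
    inner = parse_ipv4(inner_pkt)
    # A unicast packet inside the B/M tunnel would bypass the ordinary routed path: drop it.
    if classify(inner["dst"], local_net) == "unicast":
        raise ValueError("unicast packet inside broadcast/multicast tunnel")
    return inner_pkt


def demo() -> bool:
    """Constructed SSDP-style discovery datagram from D1, sent RG -> GW2 over tunnel 122."""
    body = b"M-SEARCH * HTTP/1.1\r\n"
    udp = struct.pack("!HHHH", 1900, 1900, 8 + len(body), 0) + body
    inner = build_ipv4("192.168.1.10", "239.255.255.250", IPPROTO_UDP, udp)
    assert needs_tunnel(parse_ipv4(inner)["dst"])
    over_tunnel = gre_encapsulate(inner, "203.0.113.10", "198.51.100.1")  # documentation addresses
    return gre_decapsulate(over_tunnel) == inner


if __name__ == "__main__":
    print("round trip ok:", demo())
```

The rule set is deliberately narrow: tunnelling every Multicast group would also carry streaming or SSM traffic that was never meant to leave the home network, so the classification should be an allow-list that the user (or the operator) configures, exactly as the description's "user configured rules" suggest.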
In fig 1 , the RG 130 is shown as comprising the following three functions:
• An Ethernet Switch, ES 140, which may be optional if there, for example, is only one device in the HVPN,
• A Broadcast/Multicast function, B/M 150, which serves to identify and to encapsulate outgoing broadcast and multicast messages into IP tunnel messages, and to identify and decapsulate incoming such messages,
• A DSL modem 160. Naturally, the DSL modem will only be comprised in the RG or the HVPN if a DSL connection is used. Thus, the DSL modem may be replaced by corresponding functions for other types of connections, such as FTTH, Fibre to The Home, Ethernet or a residential broadband connection.
In addition, the gateway GW2 170 also needs to comprise functions for encapsulating and decapsulating signalling packets to and from the HVPN, suitably in the following manner:
• Encapsulated packets which are received over the tunnel 122 from the HVPN should be decapsulated by the GW2 and then forwarded to their end destination, i.e. in this case the device D2. A decapsulated packet may be encapsulated in GW2 before it is forwarded to D2, depending on the functionality in D2, since not all devices have a decapsulating function.
• Messages which are received from the device D2 should be recognised as being Multicast and/or Broadcast messages, and encapsulated into IP tunnelling messages before being forwarded to their destination, i.e. the RG 130. These messages will in the embodiment shown in fig 1 be decapsulated in the RG 130.
In addition, the network needs a means for forwarding messages between D1 and D2 which have not been classified as Multicast or Broadcast, i.e. Unicast messages. In order to accommodate such messages, when GW2 connects to the HVPN, a connection for IP Unicast packets is set up between D1 and D2, since this is the standard behaviour of routed IP connectivity mechanisms at present.
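As an added example, not from the patent, the following Python sketch models the gateway-side steps described above (the AAA lookup when D2 connects, and the forwarding of tunnelled messages between the tunnel segments 122 and 124): a device presents its identity, the gateway consults a stand-in for the AAA server 175, and a tunnel segment is bound to an HVPN only if the lookup succeeds; tunnelled Broadcast/Multicast arriving on one segment is then replicated only to other segments bound to the same HVPN, never across HVPNs and never to an unbound segment. The AAA table, the per-device shared secrets and the tunnel numbers are constructed for the example; the patent states only that an identity is sent and an HVPN membership returned, so the credential check is an assumption added here.

```python
"""Added example: bind tunnel segments to an HVPN after an AAA lookup and replicate
tunnelled broadcast/multicast only between segments of the same HVPN."""
import hashlib
import hmac

_SALT = b"constructed-salt"          # constructed; a real AAA server stores per-entry salts


def _derive(secret: str) -> bytes:
    """Password-style hashing of the device credential (assumption: a shared secret)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), _SALT, 10_000)


# Constructed stand-in for the AAA server 175: identity -> (hashed credential, HVPN).
AAA_TABLE = {
    "rg-130":   (_derive("rg-secret"),    "hvpn-110"),
    "d2-180":   (_derive("d2-secret"),    "hvpn-110"),
    "d9-other": (_derive("other-secret"), "hvpn-999"),   # a device of some other HVPN
}


def aaa_lookup(identity: str, credential: str):
    """Return the HVPN id of an authenticated device, or None for unknown/bad credential."""
    entry = AAA_TABLE.get(identity)
    if entry is None:
        return None
    digest, hvpn = entry
    if not hmac.compare_digest(digest, _derive(credential)):
        return None
    return hvpn


class Gateway:
    """Models GW2 170: tunnel segments are joined only through a common HVPN id."""

    def __init__(self):
        self.segments = {}   # tunnel id -> HVPN id; present only after a successful lookup

    def attach(self, tunnel_id: int, identity: str, credential: str) -> bool:
        hvpn = aaa_lookup(identity, credential)
        if hvpn is None:
            return False      # tunnel stays unbound: no HVPN traffic reaches it
        self.segments[tunnel_id] = hvpn
        return True

    def peers(self, tunnel_id: int) -> list:
        """Segments to which a B/M packet arriving on tunnel_id is replicated."""
        hvpn = self.segments.get(tunnel_id)
        if hvpn is None:
            return []         # unbound source: drop rather than flood
        return sorted(t for t, h in self.segments.items() if h == hvpn and t != tunnel_id)


if __name__ == "__main__":
    gw = Gateway()
    gw.attach(122, "rg-130", "rg-secret")      # tunnel 122: RG 130 <-> GW2
    gw.attach(124, "d2-180", "d2-secret")      # tunnel 124: D2 180 <-> GW2
    print("tunnel 122 replicates to", gw.peers(122))
```

The decision to join segments is taken once, at attach time, and every later replication decision is a lookup in the gateway's own binding table; a device that fails the lookup is left with an unbound segment rather than a segment in some default HVPN.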
Fig 2 shows a system 200 in which a second embodiment of the invention is applied. Components or functions in fig 2 which correspond to those of fig 1 have been given the same reference numbers as in fig 1 , and will not be explained in depth again.
In the embodiment of fig 2, the function B/M 150 for recognising and encapsulating outgoing Broadcast/Multicast messages and for decapsulating incoming messages from the tunnel from the device D2 has been placed inside the HVPN instead of in the RG 130, as shown in fig 1. In this case, the B/M function may be implemented as a software application on a device such as a PC in the HVPN. Similarly, the decapsulating of messages to the device D2 which has been described previously as being carried out in the GW2 can instead of course be carried out by such a function in the D2, in which case the GW2 will not decapsulate messages, but will instead merely forward them encapsulated to the device D2.
Fig 3 shows a rough flow chart of a method 300 of the invention. Steps which are options or alternatives are shown with dashed lines.
Thus, as shown in fig 3, the method 300 is intended for the case, step 310, when a gateway 170 which is external (X-GW) to the HVPN is or has been connected to the HVPN and, step 315, a first device such as the device D2 180 shown in figs 1 and 2 of the HVPN connects to the HVPN via the external gateway 170, so that the first device 180 is "external" to the HVPN while still belonging to it. According to the method, step 320, when the external gateway is or has been connected to the HVPN, first and second means are established between the HVPN and the external gateway 170 for sending messages of the first and second connectivity (C1, C2) respectively between the external gateway and the HVPN.
In addition, messages between the HVPN 110 and the first device 180 are recognized, step 325, by the HVPN or the external gateway as being of either the first or the second kind of connectivity, and depending on a message's type of connectivity, the message is sent, step 330, via the appropriate means between the first device and the HVPN. The expression "sent via the appropriate means" should here be seen as encompassing encapsulation or decapsulation when needed.
As indicated in step 335, the first kind of connectivity can be Unicast and the second kind may be Multicast or Broadcast. Step 340 shows that the first device 180 connects to the external gateway 170 via an IP connection. Suitably, as shown in step 343, said first means may be an IP data tunnel which uses the L3 layer, and the corresponding first kind of connectivity is Broadcast and/or Multicast. The second means may suitably be a connection for IP Unicast packets.
When the first device D2 180 connects to the network 110, the external gateway identifies which of a plurality of VPNs the device belongs to by means of information stored externally to the external gateway, suitably in a so called AAA-server 175, Authentication, Authorization and Accounting.
As shown in step 345, the HVPN 110 may connect to the external gateway 170 via a so called Residential Gateway 130 (RG), i.e. a gateway which is part of the VPN. The Residential Gateway 130 may comprise a function 150 for recognizing outgoing messages of the first kind of connectivity, and for encapsulating such outgoing messages into IP tunnel messages. In addition, also comprised in step 345, the Residential Gateway 130 may comprise a function for decapsulating incoming messages from the tunnel and for forwarding such messages to the proper destination in the HVPN 110.
Alternatively to step 345, as indicated in step 350, the HVPN 110 may comprise a function 150 for recognizing outgoing messages of the first kind of connectivity, and for encapsulating such outgoing messages into IP tunnel messages, and/or also for decapsulating incoming messages from the tunnel and for forwarding such messages to the proper destination in the HVPN.
Fig 4 shows a rough block diagram of a router 400 of the invention. Components which are options or alternatives are shown in dashed lines. Thus, the router 400 is intended for use as a Residential Gateway such as the one 130 in figs 1 and 2 in a computer network such as the one 110 in those figures, i.e. for example a Home Virtual Private Network, a HVPN.
The network in which the router may be used can comprise devices such as D1 and D2 of figs 1 and 2, which can communicate with each other via at least a first and a second kind of connectivity, and as indicated in block 410, the router 400 comprises means for connecting a HVPN in which the router is used as a Residential Gateway to a gateway, GW, which is external to the HVPN.
In addition, the inventive router comprises means 420 for establishing first and second kinds of communication, C1, C2, to the external gateway 170 for exchanging messages of the first and second connectivities respectively between the external gateway 170 and the HVPN 110 of the router.
The router 400 also comprises means, block 430, for recognizing messages between the HVPN 110 of the router and the external gateway as being of either the first or second kind of connectivity, and the router comprises means, block 440, for sending a message via the appropriate means between the first device and the HVPN, depending on the message's type of connectivity.
Suitably, the first kind of connectivity is Unicast and the second kind is Multicast or Broadcast, and the first kind of communication may be an IP data tunnel which uses the L3 layer, and the corresponding first kind of connectivity is Broadcast and/or Multicast.
Block 450 shows that the router 400 of the invention may further comprise means for encapsulating outgoing messages of the second kind of connectivity into IP tunnel messages, and, as shown in block 460, may also comprise means for decapsulating incoming messages from the tunnel as well as means for forwarding such messages to the proper destination in the HVPN 110.
The invention is not limited to the examples of embodiments described above and shown in the drawings, but may be freely varied within the scope of the appended claims.

Claims

1. A router (400) for use as a Residential Gateway (130) in a computer network (110) such as a Home Virtual Private Network, a HVPN, the network (110) being able to comprise devices (112, 180) which can communicate with each other via at least a first and a second kind of connectivity, the router (400) comprising means (410) for connecting a HVPN in which the router is used as a Residential Gateway to a gateway (170) which is external to the HVPN, the router in addition comprising means (420) for establishing first and second kinds of communication (C1, C2) to said external gateway (170) for exchanging messages of said first and second connectivity respectively between the external gateway (170) and the HVPN (110) of the router (130), the router (400) also comprising means (430) for recognizing messages between the HVPN (110) of the router and the external gateway as being of either said first or second kind of connectivity, the router comprising means (440) for sending a message via the appropriate means between the first device and the HVPN, depending on the message's type of connectivity.
2. The router (400) of claim 1, in which said first kind of connectivity is Unicast and the second kind is Multicast or Broadcast.
3. The router (400) of claim 1 or 2, in which said first kind of communication is an IP data tunnel which uses the L3 layer, and the corresponding first kind of connectivity is Broadcast and/or Multicast.
4. The router of any of claims 1-3, in which said second means is a connection for IP Unicast packets.
5. The router (400) of any of claims 1-4, further comprising means (450) for encapsulating outgoing messages of the second kind of connectivity into IP tunnel messages.
6. The router (400) of any of claims 1-5, comprising means (460) for decapsulating incoming messages from the tunnel and means for forwarding such messages to the proper destination in the HVPN (110).
7. A method (300) for use in a computer network (110) such as a Home Virtual Private Network, a HVPN, the network (110) being able to comprise a plurality of devices (112, 180) which can communicate with each other via at least a first and a second kind of connectivity, the method (300) being intended for the case (310) when a gateway (170) which is external to the HVPN is or has been connected to the HVPN and (315) a first device (180) of the HVPN connects to the HVPN via said external gateway (170), so that the first device (180) is "external" to the HVPN while still belonging to it, the method (300) being characterized in that (320) when said external gateway is or has been connected to the HVPN, first and second connections are established between the HVPN and the external gateway (170) for sending messages of said first and second connectivity respectively between the external gateway and the HVPN, the method further being characterized in that messages between the HVPN (110) and the first device (180) are recognized (325) by the HVPN or the external gateway as being of either said first or second kind of connectivity, and depending on a message's type of connectivity, the message is sent (330) via the appropriate means between the first device and the HVPN.
8. The method (300, 335) of claim 7, according to which said first kind of connectivity is Unicast and the second kind is Multicast or Broadcast.
9. The method (300, 340) of claim 7 or 8, according to which the first device (180) connects to the external gateway (170) via an IP connection.
10. The method (300, 343) of any of claims 7-9, according to which said first connection is an IP data tunnel which uses the L3 layer, and the corresponding first kind of connectivity is Broadcast and/or Multicast, so that messages which are sent/received on that tunnel are encapsulated/decapsulated.
11. The method of any of claims 7-10, according to which said second connection is a connection for IP Unicast packets.
12. The method (300) of any of claims 7-11, according to which, when the first device (180) connects to the network (110), the external gateway identifies which of a plurality of VPNs the device belongs to by means of information stored externally (175) to the external gateway.
13. The method (300) of claim 12, according to which said information is stored in a so called AAA-server (175), Authentication, Authorization and Accounting.
14. The method (300, 345) of any of claims 7-13, according to which the HVPN (110) connects to said external gateway (170) via a so called Residential Gateway (130), i.e. a gateway which is part of the VPN.
15. The method (300, 345) of claim 14, according to which the Residential Gateway (130) comprises a function (150) for recognizing outgoing messages of the first kind of connectivity, and for encapsulating such outgoing messages into IP tunnel messages.
16. The method (300, 345) of claim 15, according to which the Residential Gateway (130) comprises a function (150) for decapsulating incoming messages from the tunnel and for forwarding such messages to the proper destination in the HVPN (110).
17. The method (300) of claim 14, according to which the HVPN (110) comprises a function (150) for recognizing outgoing messages of the first kind of connectivity, and for encapsulating such outgoing messages into IP tunnel messages.
18. The method (300) of claim 14, according to which the HVPN (110) comprises a function (150) for decapsulating incoming messages from the tunnel and for forwarding such messages to the proper destination in the HVPN.
Application PCT/SE2007/050799, filed 2007-10-31 (priority date 2007-10-31): A method and a device for improved connectivity in a vpn, published as WO2009058058A1 (en).

Priority Applications (1), Applications Claiming Priority (1) and Family Applications (1): PCT/SE2007/050799 (WO2009058058A1), priority date 2007-10-31, filing date 2007-10-31, A method and a device for improved connectivity in a vpn.

Publications (1): WO2009058058A1, published 2009-05-07.

Family ID: 40591280

Country Status (1): WO, WO2009058058A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001091397A2 (en) * 2000-05-22 2001-11-29 Ladr It Corporation Method and system for stopping hacker attacks
WO2002098063A1 (en) * 2001-05-28 2002-12-05 Zooinnet Method and system for virtual multicast networking
US20030063608A1 (en) * 2001-10-03 2003-04-03 Moonen Jan Renier Multicast discovery protocol uses tunneling of unicast message
WO2003043241A1 (en) * 2001-11-13 2003-05-22 Nokia, Inc. Physically scoped multicast in multi-access networks
US20040037279A1 (en) * 2002-08-23 2004-02-26 David Zelig Virtual private LAN service using a multicast protocol
WO2006085286A1 (en) * 2005-02-14 2006-08-17 Telefonaktiebolaget L M Ericsson (Publ) Method and nodes for handling broadcast messages over an access domain
EP1737164A1 (en) * 2004-12-14 2006-12-27 Huawei Technologies Co., Ltd. A method for realizing multicasting in a virtual private network using a virtual router

Legal Events

121 (EP): the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 07835383; country of ref document: EP; kind code of ref document: A1.
NENP: Non-entry into the national phase. Ref country code: DE.
122 (EP): PCT application non-entry in European phase. Ref document number: 07835383; country of ref document: EP; kind code of ref document: A1.