WO2005031527A2 - Model-based method and apparatus for determining virtual private network topologies - Google Patents

Model-based method and apparatus for determining virtual private network topologies Download PDF

Info

Publication number
WO2005031527A2
WO2005031527A2 PCT/US2004/031355 US2004031355W WO2005031527A2 WO 2005031527 A2 WO2005031527 A2 WO 2005031527A2 US 2004031355 W US2004031355 W US 2004031355W WO 2005031527 A2 WO2005031527 A2 WO 2005031527A2
Authority
WO
WIPO (PCT)
Prior art keywords
recited
network
vpn
computer
code
Prior art date
Application number
PCT/US2004/031355
Other languages
French (fr)
Other versions
WO2005031527A3 (en
Inventor
Shai Benjamin
Original Assignee
System Management Arts, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by System Management Arts, Inc. filed Critical System Management Arts, Inc.
Publication of WO2005031527A2 publication Critical patent/WO2005031527A2/en
Publication of WO2005031527A3 publication Critical patent/WO2005031527A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0233Object-oriented techniques, for representation of network management data, e.g. common object request broker architecture [CORBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/033Topology update or discovery by updating distance vector protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • H04L41/122Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]

Definitions

  • the invention relates generally to computer networks, and more specifically to systems and methods for modeling and identifying Virtual Private Network (VPN) topologies, memberships and member roles.
  • VPN Virtual Private Network
  • VPN Virtual Private Network
  • MIBs Magnetic Ink Bases
  • SNMP SNMPv2. SNMPv3, and RMON 1 and 2 (3rd Edition), William Stallings, Addison- Wesley Pub Co, December 1998, pages 71- 162 ISBN: 0201485346
  • MJJBs typically do not capture relationships between objects.
  • LSP MPLS end-to-end Label-Switched Path
  • VPN systems that overcomes known deficiencies in identifying VPN components and the VPN topology.
  • the method comprises the steps of representing the network by a model containing a plurality of object classes, evaluating an import/export relationship of a first one and a second one of the object classes and identifying the network type based on the evaluated relationship.
  • Figure 1 illustrates a logical view of a conventional VPN network
  • Figure 2 illustrates a model representation of VPNs in accordance with the principles of the invention
  • Figures 3 illustrates an example of a model-ed representation of a VPN
  • Figures 4a-4d illustrate examples of model-ed representations of VPN topologies
  • Figure 5 illustrates an example of identifying VPN topologies in accordance with the principles of the invention
  • Figures 6a-6d illustrate an example of the application of the VPN model with regard to a physical network in accordance with the principles of the invention.
  • Figure 7 illustrates a system for implementing the processing shown herein.
  • Figure la illustrates an exemplary representation of a virtual private network
  • PE provider edge routers
  • CE Customer Edge
  • nodes or routers 115, 165, 167 and 185 which are in communication with corresponding provider edge nodes 110, 160 and 180.
  • the CE nodes 115, 165, 167 and 185 represent components or routers located at the customer premises that are directly connected, at either a network Layer 2 or Layer 3 level (of the OS I stack) to the ingress and egress provider edge routers 110, 160 and 180.
  • Internal routers which are not shown, are responsible for converting the packet or frame structure from the one used to communicate with CE routers 115, 165, 167, and 185 to the packet or frame structure used internally by an associated private network.
  • a CE router or node is typically connected to only one provider edge router or node. However, as shown in this illustrative case, provider edge router 160 is connected to CE router 165 and CE router 167. Hence, CE router 185, for example, may communicate privately with CE router 165 and/or 167. The communication between the CE nodes and the PE nodes may take place using any Layer 2 or Layer 3 network protocol.
  • VPN routing and addressing structures are created for each customer in the PE and internal nodes (not shown), and designate the path assigned to the customer.
  • VPN Routing and Forwarding Tables are a well-known means for creating virtual private networks. The VRFs exchange routes using, for example, Multiprotocol Border Gateway Protocol (MP-BGP).
  • MP-BGP Multiprotocol Border Gateway Protocol
  • the typical attributes of a VRF instance include a name, associated interfaces, route-distinguisher, import route-targets, export route-targets, and a routing table.
  • RouteTargets are identifiers associated with a set of routes through the network 100. The identifiers are used by the VRFs to control the importing or the exporting of routes to other VRFs. Each VRF, thus, can export or import routes or paths via a list of export or import RTs.
  • CE 115 for example, may communicate privately with CE 167 by the appropriate selection of VRFs in each edge router or node and the not shown internal routers or nodes.
  • FIG. 2 illustrates an exemplary abstract model 200 of a VPN network in accordance with the principles of the invention.
  • the VPN model shown is an extension of a known network models 210, such as the SMARTS® InChargeTM Common Information Model (ICJJVI), or similarly defined or pre-existing CIM-based model.
  • SMARTS and Incharge are trademarks of System Management ARTs, Inc., having a principle place of business in White Plains, NY, USA.
  • CIM models are known to represent selected ones of the physical network components, e.g., nodes, routers, computer systems, disk drives, etc., and or logical network components, e.g., software, application software, ports, disk drive designation, etc., by defining object classes, which are a representation of the component.
  • object classes which are a representation of the component.
  • Those network components that are selected for representation in the model are hereinafter referred to as managed components.
  • the representation of the managed components includes aspects or properties of the component.
  • the relationships between the managed components are also represented and contained in the model.
  • this model defines object classes such as
  • ServiceConnection 210.1, NetworkService 210.2, and LogicalNetwork 210.3 that are representative of generic concepts or components of service connections, network services, and logical networks, respectively.
  • object class RouteTargets 220.1 is selected as a type of service connection
  • VRF 220.2 is designated as a type of network service
  • VPN 220.3 is designated as a type of logical network.
  • Object classes RouteTargets, VRF, VPN are hereinafter referred to as RouteTargets, VRF, VPN unnecessary technical terminology. Those skilled in the art would recognize that such references refer to the respective object classes.
  • RouteTarget and RouteTargets may also refer to an element(s) or instances of the object class RouteTargets. Similar terminology is also used with regard to VRF, VRFs, VPN and VPNs.
  • the VPN model shown further illustrates the relationship between
  • RouteTargets 210.1 and VRFs 220.2 which are represented with the classes Imported By/Imports and Exported by/Exports.
  • the relationship between VRFs and the VPN may be expressed as Hubsof/Hubs and SpokesOf/Spokes.
  • the information to populate or determine instances of the object classes, i.e., representation of components, and the relationship between components, i.e., representation of component relationships, of the models defined herein may be pre-loaded or predetermined or may be determined dynamically by importation, discovery or provided by one or more sources of such information, e.g., Simple Network Management Protocol (SNMP) MIBs, MPLS-LSR-MJJB, MPLS forwarding tables, MPLS-VPN-MIB.
  • SNMP Simple Network Management Protocol
  • MPLS-LSR-MJJB MPLS forwarding tables
  • MPLS-VPN-MIB MPLS forwarding tables
  • manual commands such as Command Line Interface (CLI) at network devices, Show commands that retrieve and display information regarding forwarding-table, VRFs, BGP and MBGP sessions, may be used to provide information to populate the object classes shown.
  • CLI Command Line Interface
  • Show commands that retrieve and display information regarding forwarding-table, VRFs, BGP and MBGP sessions may be used to provide information
  • FIG. 3 illustrates an example of an import export relationship between VRFs and RouteTargets for a VPN in accordance with the principles of the invention.
  • VRFs 305, 307, 309 have importfexport relationships with RTs 301 and 303 that are tabulated in Table 1.
  • Figure 3 may be expressed as:
  • ⁇ m(R ⁇ ) is the set ⁇ V 2 ⁇ -, [1]
  • FIG. 4a illustrates a representation 400 of the relationship between VRFs and RTs in a Full-Mesh (FM) topology in accordance with an aspect of the principles of the invention.
  • a Full-Mesh topology allows routing of packets from any node in the VPN to any other node in the VPN.
  • Route Target (RT) 405 is such that it is both imported and exported by the VRF 410. This may be expressed as:
  • Figures 4b-4d illustrate graphic representations of the relationship between
  • H-S Hub-and-Spoke
  • hub VRFs may communicate with either hub or spoke VRFs, whereas spoke VRFs can only communicate with hub VRFs.
  • An H-S VPN topology may be determined when one of the following configurations is satisfied:
  • an H-S topology may be determined when, for an ordered pair of
  • the import set of Ri is identical to the export set of R 2 ;
  • the set of VRFs that export Ri but do not import Ri is identical to the set of VRFs that import R 2 but do not export R 2 ;
  • the export set of Ri is not identical to the import set of R 2 , or there is at least one VRF that both imports and exports Ri.
  • the members of an H-S topology may then be determined as those members of the union of the import and the export sets of Ri.
  • the spoke members may be determined as those members of the set of VRFs that export but do not import Ri, and the remaining members of the VPN are hub members.
  • FIG. 5 illustrates a VRF-RT model used as an example for determining VPN topologies, and element members, in accordance with the principles of the present invention.
  • the ImportedBy/Imports and ExportedBy/Exports relationships between RTs 510-550, i.e., R 1 -R 5 , and VRFs 560-576, i.e., V V 9 are graphically illustrated using an arrow notation wherein the arrowhead denotes importing/exporting.
  • RouteTarget 520 (R 2 ), for example, imports VRF 564 (V 3 ), VRF 574(V 8 ) and VRF 576 (V 9 ) and exports VRF 566 (V 4 ) and VRF 568 (V 5 ).
  • the import and export sets with respect to Route Targets R 1 -R 5 may be determined as shown in Table 2 as:
  • VRFs 960, 962, 972 constitute a VPN of a Full-Mesh topology.
  • a Hub-and-Spoke topology may be determined between Route Target 920 and
  • VRFs 964, 966, 968, 974, 976 constitute a Hub-and-Spoke topology.
  • the ordered pair of Route Targets 950, 920 R 5 , R
  • the spoke members of a H-S topology may be determined as those members of the set of VRFs that export but do not import the first Route Target of the ordered pair of Route Targets and the remaining members of the H - S topology VPN are then deemed hub VRFs.
  • the spoke members may be determined to be VRFs V 3> V 8 and V 9 and the hub members are VRFs V 3 and V 4 .
  • the spoke members are VRFs V 4 and V 7 and the hub member is VRF V 6 .
  • the pairing of Route Targets may be reduced by considering the following criteria; . . . ..
  • Ri need not be evaluated with regard to the remaining RTs as Ri was determined to be in a Full-Mesh network. Similarly, R 3 and need not be evaluated with regard to each other as they fail to satisfy condition 2.
  • Figures 6a-6d illustrate an application of the present invention with regard to a physical network.
  • Figure 6a illustrates an example of two MPLS VPNs 600 and 650 wherein VPN 600 is in a Full Mesh configuration and VPN 650 is in a Hub-and-Spoke configuration. And will be determining in accordance with the principles of the invention.
  • Figure 6a illustrates that VPN 600 communicates, through provider edge nodes 610-640, to customer edge nodes 612, 622, 632 and 642, respectively, and VPN 650 communicates, through provider edge nodes 610-640, to consumer edge nodes 612, 622, 634 and 644, respectively.
  • Table 3 tabulates the imports and exports of the RTs for each VRF shown in
  • FIG. 6a This information is stored at the respective provider edge node where the VRFs reside.
  • Figures 6b and 6c illustrate the ImportedBy/Imports and ExportedBy/Exports relationships of VRFs with respect to RTs in the exemplary VPNs 600 and 650 shown in Figure 6a.
  • Figure 6b illustrates that RTIA is imported by each VRFl in each provider edge node 610-640 (PE ⁇ -PE 4 ), while RTIB is imported by VRFl at provider edge nodes 620 and 640 (i.e., PE 2 and PE 4 ).
  • RT2 is imported by VRF2 at each provider edge node 610-640 (PE ⁇ -PE 4 ).
  • Figure 6c illustrates that RTIA is exported by VRFl at provider edge nodes 620 and 640, while RTIB is exported by VRFl at provider edge nodes 610 and 630.
  • RT2 is exported by each VRF2 at each provider edge node 610-640.
  • Table 4 tabulates the Imported By and Exported By relationships, wherein y represents the instantiation of VRFi at PEj.
  • VPN 600 is an FM-type VPN as RT2 is imported and exported by all VRF2s.
  • VPN 650 may be determined to be a H-S type VPN. It may further be determined that PEi 610 and PE 3 630 are spoke VRFs and PE 2 , 620 and PE 4 , 640 are be hub VRFs.
  • Figure 6d illustrates the YOFs associated with the determined VPN types.
  • FIG. 7 illustrates an exemplary embodiment of a system 700 that may be used for implementing the principles of the present invention.
  • System 700 may contain one or more input/output devices 702, processors 703 and memories 704.
  • I O devices 702 may access or receive information from one or more sources or devices 701.
  • Sources or devices 701 may be devices such as routers, servers, computers, notebook computer, PDAs, cells phones or other devices suitable for transmitting and receiving information responsive to the processes shown herein.
  • Devices 701 may have access over one or more network connections 750 via, for example, a wireless wide area network, a wireless metropolitan area network, a wireless local area network, a terrestrial broadcast system (Radio, TV), a satellite network, a cell phone or a wireless telephone network, or similar wired networks, such as POTS, INTERNET, LAN, WAN and/or private networks, e.g., INTRANET, as well as portions or combinations of these and other types of networks.
  • a wireless wide area network such as a wireless metropolitan area network, a wireless local area network, a terrestrial broadcast system (Radio, TV), a satellite network, a cell phone or a wireless telephone network, or similar wired networks, such as POTS, INTERNET, LAN, WAN and/or private networks, e.g., INTRANET, as well as portions or combinations of these and other types of networks.
  • Input/output devices 702, processors 703 and memories 704 may communicate over a communication medium 725.
  • Communication medium 725 may represent, for example, a bus, a communication network, one or more internal connections of a circuit, circuit card or other apparatus, as well as portions and combinations of these and other communication media.
  • Input data from the client devices 701 is processed in accordance with one or more programs that may be stored in memories 704 and executed by processors 703.
  • Memories 704 may be any magnetic, optical or semiconductor medium that is loadable and retains information either permanently, e.g. PROM, or non-permanenty, e.g., RAM.
  • Processors 703 may be any means, such as general purpose or special purpose computing system, such as a laptop computer, desktop computer, a server, handheld computer, or may be a hardware configuration, such as dedicated logic circuit, or integrated circuit. Processors 703 may also be Programmable Array Logic (PAL), or Application Specific Integrated Circuit (ASIC), etc., which may be "programmed” to include software instructions or code that provides a known output in response to known inputs. In one aspect, hardware circuitry may be used in place of, or in combination with, software instructions to implement the invention. The elements illustrated herein may also be implemented as discrete hardware elements that are operable to perform the operations shown using coded logical operations or by executing hardware executable code.
  • PAL Programmable Array Logic
  • ASIC Application Specific Integrated Circuit
  • the processes shown herein may be represented by computer readable code stored on a computer readable medium.
  • the code may also be stored in the memory 704.
  • the code may be read or downloaded from a memory medium 783, an I/O device 785 or magnetic or optical media, such as a floppy disk, a CD-ROM or a DVD, 787 and then stored in memory 704.
  • Information from device 701 received by I O device 702, after processing in accordance with one or more software programs operable to perform the functions illustrated herein, may also be transmitted over network 780 to one or more output devices represented as display 785, reporting device 790 or second processing system 795.
  • output devices represented as display 785, reporting device 790 or second processing system 795.
  • computer or computer system may represent one or more processing units in communication with one or more memory units and other devices, e.g., peripherals, connected electronically to and communicating with the at least one processing unit.
  • the devices may be electronically connected to the one or more processing units via internal busses, e.g., ISA bus, microchannel bus, PCI bus, PCMCIA bus, etc., or one or more internal connections of a circuit, circuit card or other device, as well as portions and combinations of these and other communication media or an external network, e.g., the Internet and Intranet.
  • internal busses e.g., ISA bus, microchannel bus, PCI bus, PCMCIA bus, etc.

Abstract

A method and apparatus for determining and identifying types of Virtual Private Networks (100) is disclosed. The method comprises the steps of representing the network by a model (200) containing a plurality of object classes, evaluating an import/export relationship of a first one and a second one of the object classes and identifying the network type based on the evaluated relationship.

Description

MODEL-BASED METHOD AND APPARATUS FOR DETERMINING VIRTUAL PRIVATE NETWORK TOPOLOGIES
Claim of Priority
[0001] This application claims the benefit, pursuant to 35 USC § 119(e), of the earlier filing date of the Provisional Patent Application Serial No. 60/505,802, entitled "Model- Based Discovery of Multi-Protocol Label Switching Virtual Private Networks, filed on September 25, 2003, the contents of which are incorporated by reference herein.
Related Applications
[0002] This application is related to concurrently-filed:
US Patent Application Serial Number , entitled "Model-Based Method and Apparatus for Determining MPLS Network Properties;" and
[0003] US Patent Application Serial Number , entitled "Method and
Apparatus for Modeling and Analyzing MPLS and Virtual Private Networks," the contents of both of which are incorporated by reference herein.
Field of the Invention
[0004] The invention relates generally to computer networks, and more specifically to systems and methods for modeling and identifying Virtual Private Network (VPN) topologies, memberships and member roles.
Background of the Invention
[0005] The concepts, terms, and acronyms of Virtual Private Network (VPN) are well-known in the art. For example, the memorandum entitled BGP/MPLS VPNs, E. Rosen and Y. Rekhter, RFC 2547, March 1999, internet Engineering Task Force (IETF), is an example of the literature regarding VPNs.
[0006] The ability to analyze VPNs has been limited by the network models that have been employed. For example, one model uses a Common Information Model (CIM) that defined objects and relationships, (see Common Information Model: Implementing the Object Model for Enterprise Management, Bumpus, et al, John Wiley & Sons, December 1999, ISBN: B00007FY8X). This model is limited by the pre-defined and standard objects and relationships defined in the Common Information Model (CIM). For example, one cannot easily capture the relationship between a VPN Routing and Forwarding Table (VRF) and a RouteTarget (RT). (See, for example, BGP MPLS VPNs, E. Rosen and Y. Rekhter, RFC2547bis, IETF, July 2000.)
[0007] In a second model, the definition of MPLS and VPN Management Information
Bases (MIBs) are established. (See, for example, SNMP, SNMPv2. SNMPv3, and RMON 1 and 2 (3rd Edition), William Stallings, Addison- Wesley Pub Co, December 1998, pages 71- 162 ISBN: 0201485346). However, MJJBs typically do not capture relationships between objects. For example the MPLS end-to-end Label-Switched Path (LSP) is difficult to represent explicitly in a MIB.
[0008] The lack of a systematic model specifically suited for the MPLS and/or VPN objects and relationships limits several forms of important analysis. For example, it is difficult to determine the members of each VPN; what is the role of each VPN member; what is the type of each VPN or sub-set of the VPN.
[0009] Hence there is a need in the industry for a method and system for analyzing
VPN systems that overcomes known deficiencies in identifying VPN components and the VPN topology.
Summary of The Invention
[0010] A method and apparatus for determining and identifying types of Virtual
Private Networks is disclosed. The method comprises the steps of representing the network by a model containing a plurality of object classes, evaluating an import/export relationship of a first one and a second one of the object classes and identifying the network type based on the evaluated relationship.
Detailed Description of the Figures
[0011] Figure 1 illustrates a logical view of a conventional VPN network;
[0012] Figure 2 illustrates a model representation of VPNs in accordance with the principles of the invention;
[0013] Figures 3 illustrates an example of a model-ed representation of a VPN; [0014] Figures 4a-4d illustrate examples of model-ed representations of VPN topologies;
[0015] Figure 5 illustrates an example of identifying VPN topologies in accordance with the principles of the invention;
[0016] Figures 6a-6d illustrate an example of the application of the VPN model with regard to a physical network in accordance with the principles of the invention; and
[0017] Figure 7 illustrates a system for implementing the processing shown herein.
[0018] It is to be understood that these drawings are solely for purposes of illustrating the concepts of the invention and are not intended as a definition of the limits of the invention. The embodiments shown in the figures herein and described in the accompanying detailed description are to be used as illustrative embodiments and should not be construed as the only manner of practicing the invention. Also, the same reference numerals, possibly supplemented with reference characters where appropriate, have been used to identify similar elements.
Detailed Description
[0019] Figure la illustrates an exemplary representation of a virtual private network
100 composed of components, referred to as provider edge routers (PE), 110, 160 and 180 that represent the means for providing information items to, and receiving information items from, network 100, Also shown are Customer Edge (CE). nodes or routers 115, 165, 167 and 185, which are in communication with corresponding provider edge nodes 110, 160 and 180. The CE nodes 115, 165, 167 and 185 represent components or routers located at the customer premises that are directly connected, at either a network Layer 2 or Layer 3 level (of the OS I stack) to the ingress and egress provider edge routers 110, 160 and 180. Internal routers, which are not shown, are responsible for converting the packet or frame structure from the one used to communicate with CE routers 115, 165, 167, and 185 to the packet or frame structure used internally by an associated private network.
[0020] A CE router or node is typically connected to only one provider edge router or node. However, as shown in this illustrative case, provider edge router 160 is connected to CE router 165 and CE router 167. Hence, CE router 185, for example, may communicate privately with CE router 165 and/or 167. The communication between the CE nodes and the PE nodes may take place using any Layer 2 or Layer 3 network protocol. [0021] VPN routing and addressing structures are created for each customer in the PE and internal nodes (not shown), and designate the path assigned to the customer. VPN Routing and Forwarding Tables (VRFs) are a well-known means for creating virtual private networks. The VRFs exchange routes using, for example, Multiprotocol Border Gateway Protocol (MP-BGP). The typical attributes of a VRF instance include a name, associated interfaces, route-distinguisher, import route-targets, export route-targets, and a routing table. RouteTargets (RTs) are identifiers associated with a set of routes through the network 100. The identifiers are used by the VRFs to control the importing or the exporting of routes to other VRFs. Each VRF, thus, can export or import routes or paths via a list of export or import RTs. In this illustrative case, CE 115 for example, may communicate privately with CE 167 by the appropriate selection of VRFs in each edge router or node and the not shown internal routers or nodes. In one aspect of the invention, a Route-Distinguisher may also be specified that provides a distinguishing characteristic for the specific route. This distinguishing characteristic is used when duplicate addresses are encountered. [0022] Figure 2 illustrates an exemplary abstract model 200 of a VPN network in accordance with the principles of the invention. The VPN model shown is an extension of a known network models 210, such as the SMARTS® InCharge™ Common Information Model (ICJJVI), or similarly defined or pre-existing CIM-based model. SMARTS and Incharge are trademarks of System Management ARTs, Inc., having a principle place of business in White Plains, NY, USA. CIM models are known to represent selected ones of the physical network components, e.g., nodes, routers, computer systems, disk drives, etc., and or logical network components, e.g., software, application software, ports, disk drive designation, etc., by defining object classes, which are a representation of the component. Those network components that are selected for representation in the model are hereinafter referred to as managed components. The representation of the managed components includes aspects or properties of the component. Similarly, the relationships between the managed components are also represented and contained in the model. [0023] With regard to the ICTM, this model defines object classes such as
ServiceConnection 210.1, NetworkService 210.2, and LogicalNetwork 210.3 that are representative of generic concepts or components of service connections, network services, and logical networks, respectively.
[0024] In accordance with the principles of the invention with regard to modeling
VPNs, object class RouteTargets 220.1 is selected as a type of service connection, VRF 220.2 is designated as a type of network service, and VPN 220.3 is designated as a type of logical network. Object classes RouteTargets, VRF, VPN are hereinafter referred to as RouteTargets, VRF, VPN unnecessary technical terminology. Those skilled in the art would recognize that such references refer to the respective object classes. Furthermore, the terms RouteTarget and RouteTargets may also refer to an element(s) or instances of the object class RouteTargets. Similar terminology is also used with regard to VRF, VRFs, VPN and VPNs. [0025] The VPN model shown further illustrates the relationship between
RouteTargets 210.1 and VRFs 220.2, which are represented with the classes Imported By/Imports and Exported by/Exports. Similarly, the relationship between VRFs and the VPN may be expressed as Hubsof/Hubs and SpokesOf/Spokes.
[0026] It would be recognized by those skilled in the art that the information to populate or determine instances of the object classes, i.e., representation of components, and the relationship between components, i.e., representation of component relationships, of the models defined herein may be pre-loaded or predetermined or may be determined dynamically by importation, discovery or provided by one or more sources of such information, e.g., Simple Network Management Protocol (SNMP) MIBs, MPLS-LSR-MJJB, MPLS forwarding tables, MPLS-VPN-MIB. Similarly, manual commands such as Command Line Interface (CLI) at network devices, Show commands that retrieve and display information regarding forwarding-table, VRFs, BGP and MBGP sessions, may be used to provide information to populate the object classes shown. Each of these sources of information are representative of communications that may occur dynamically over the physical network that the model overlays, i.e., layered over, and should not be considered the only methods to dynamically populate the object classes shown.
[0027] Figure 3 illustrates an example of an import export relationship between VRFs and RouteTargets for a VPN in accordance with the principles of the invention. In this illustrated example, VRFs 305, 307, 309 have importfexport relationships with RTs 301 and 303 that are tabulated in Table 1.
Figure imgf000006_0001
Table 1
[0028] The ImportedBy/Imports and the ExportBy/Exports relationships shown in
Figure 3 may be expressed as:
ϊm(Rι) is the set {V2}-, [1]
Ex(Rι) is the set { Vi, V2} ; [2]
Im(R2) is the set {V2,V3}; and [3]
Ex(R2) is the set {V1;V3} [4]
Where Im(Rx) is the set of VRFs that import the RouteTarget Rx; and Ex(Rx ) is the set of VRFs that export the RouteTarget Rx. [0029] Figure 4a illustrates a representation 400 of the relationship between VRFs and RTs in a Full-Mesh (FM) topology in accordance with an aspect of the principles of the invention. A Full-Mesh topology allows routing of packets from any node in the VPN to any other node in the VPN. Hence, in accordance with the principles of the invention, in an FM topology Route Target (RT) 405 is such that it is both imported and exported by the VRF 410. This may be expressed as:
Im(R) = Ex(R) [5]
[0030] Figures 4b-4d illustrate graphic representations of the relationship between
VRFs and RTs in Hub-and-Spoke (H-S) topologies in accordance with the principles of the invention. In an H-S topology, hub VRFs may communicate with either hub or spoke VRFs, whereas spoke VRFs can only communicate with hub VRFs. An H-S VPN topology may be determined when one of the following configurations is satisfied:
1. Hub VRFs export R2 and both import and export Ri while spoke VRFs import R2 and export Ri. See Figure 4b;
2. Hub VRFs both import and export R2 and import Ri while spoke VRFs import R2 and export Ri. See Figure 4c; or
3. Hub VRFs both import and export R2 and both import and export Ri while spoke VRFs import R2 and export t. See Figure 4d.
[0031] Accordingly, an H-S topology may be determined when, for an ordered pair of
Route Targets, denoted as Ri and R2, the following conditions are satisfied:
1. The import set of Ri is identical to the export set of R2; and
2. The set of VRFs that export Ri but do not import Ri is identical to the set of VRFs that import R2 but do not export R2; and
3. The export set of Ri is not identical to the import set of R2, or there is at least one VRF that both imports and exports Ri.
[0032] These criteria may be expressed as: l-mCR = Ex(R2); and [6]
Ex(Rι) \ IM(Rι) = rnι(R2) \ Ex(R2); and [7]
Ex(Ri) ≠ Im(R2) OR Ex(Rι) n Im(Rι) ≠ Empty set [8]
[0033] In another aspect of the invention, the members of an H-S topology may then be determined as those members of the union of the import and the export sets of Ri. In this aspect of the invention, the spoke members may be determined as those members of the set of VRFs that export but do not import Ri, and the remaining members of the VPN are hub members.
[0034] Figure 5 illustrates a VRF-RT model used as an example for determining VPN topologies, and element members, in accordance with the principles of the present invention. In this illustrative example, the ImportedBy/Imports and ExportedBy/Exports relationships between RTs 510-550, i.e., R1-R5, and VRFs 560-576, i.e., V V9, are graphically illustrated using an arrow notation wherein the arrowhead denotes importing/exporting. Utilizing the notation discussed previously, RouteTarget 520 (R2), for example, imports VRF 564 (V3), VRF 574(V8) and VRF 576 (V9) and exports VRF 566 (V4) and VRF 568 (V5). The import and export sets with respect to Route Targets R1-R5 may be determined as shown in Table 2 as:
Figure imgf000008_0001
Table 2
[0035] In this case, the import set and the export set associated with Ri are identical and, hence, satisfy the conditions of equation 1. Thus, VRFs 960, 962, 972 (i.e., V1.V2.V7) constitute a VPN of a Full-Mesh topology.
[0036] A Hub-and-Spoke topology may be determined between Route Target 920 and
930 (i.e, R2 and R4, respectively) as the following conditions are satisfied: Im(R2) = {V4,V5} = Ex(R4); Ex(R2) \ Im(R2) = {V3,V8,V9}\{ V4,V5} = { V3,V8,V9} and Im(R4) \Ex(R4) = {V3,V4,V5,V8,V9}\{V4,V5} = {V3,V8,V9}; and Ex(R2) = {V3,V8,V9} ≠ {V3,V4,V5,V8,V9}= Im(R4).
[0037] Accordingly, VRFs 964, 966, 968, 974, 976 (i.e., V3, V4, V5, V8 and V9) constitute a Hub-and-Spoke topology. In a similar manner, it may be determined that the ordered pair of Route Targets 950, 920 (R5, R ) also constitute a Hub-and-Spoke topology. [0038] The spoke members of a H-S topology may be determined as those members of the set of VRFs that export but do not import the first Route Target of the ordered pair of Route Targets and the remaining members of the H - S topology VPN are then deemed hub VRFs.
Ex(Rx) \ Im(Rx) [9] where Rx is the first RT of the ordered pair
[0039] Thus, in the H-S topology determined from the ordered pair of Route Targets
920, 940 (R2, R4), the spoke members may be determined to be VRFs V3> V8 and V9 and the hub members are VRFs V3 and V4. Similarly, in the H-S VPN topology determined from the ordered pair of Route Targets R5, R2 , the spoke members are VRFs V4 and V7 and the hub member is VRF V6.
[0040] In another aspect of the invention, not all pairings of Route Targets need be tested. In this aspect of the invention, the pairing of Route Targets may be reduced by considering the following criteria;. . . ..
1. Route Targets that define a Full-Mesh VPN need not be evaluated; or
2. For a selected RouteTarget, only RouteTargets that are exported by some VRF that is in the import set of the given RouteTarget need be evaluated.
[0041] In accordance with this aspect of the invention with regard to the above example, Ri need not be evaluated with regard to the remaining RTs as Ri was determined to be in a Full-Mesh network. Similarly, R3 and need not be evaluated with regard to each other as they fail to satisfy condition 2.
[0042] Figures 6a-6d illustrate an application of the present invention with regard to a physical network. Figure 6a illustrates an example of two MPLS VPNs 600 and 650 wherein VPN 600 is in a Full Mesh configuration and VPN 650 is in a Hub-and-Spoke configuration. And will be determining in accordance with the principles of the invention. Figure 6a illustrates that VPN 600 communicates, through provider edge nodes 610-640, to customer edge nodes 612, 622, 632 and 642, respectively, and VPN 650 communicates, through provider edge nodes 610-640, to consumer edge nodes 612, 622, 634 and 644, respectively. [0043] Table 3 tabulates the imports and exports of the RTs for each VRF shown in
Figure 6a. This information is stored at the respective provider edge node where the VRFs reside.
Figure imgf000010_0001
Table 3
[0044] Figures 6b and 6c illustrate the ImportedBy/Imports and ExportedBy/Exports relationships of VRFs with respect to RTs in the exemplary VPNs 600 and 650 shown in Figure 6a. Figure 6b illustrates that RTIA is imported by each VRFl in each provider edge node 610-640 (PEι-PE4), while RTIB is imported by VRFl at provider edge nodes 620 and 640 (i.e., PE2 and PE4). Similarly, RT2 is imported by VRF2 at each provider edge node 610-640 (PEι-PE4). Figure 6c illustrates that RTIA is exported by VRFl at provider edge nodes 620 and 640, while RTIB is exported by VRFl at provider edge nodes 610 and 630. RT2, on the other hand, is exported by each VRF2 at each provider edge node 610-640. Table 4 tabulates the Imported By and Exported By relationships, wherein y represents the instantiation of VRFi at PEj.
Figure imgf000010_0002
Figure imgf000011_0002
Figure imgf000011_0001
[0045] Evaluating the entries shown in Table 4, utilizing the criteria shown in equations 5-8, it may be determined that VPN 600 is an FM-type VPN as RT2 is imported and exported by all VRF2s. Further, VPN 650 may be determined to be a H-S type VPN. It may further be determined that PEi 610 and PE3 630 are spoke VRFs and PE2, 620 and PE4, 640 are be hub VRFs. Figure 6d illustrates the YOFs associated with the determined VPN types.
[0046] Figure 7 illustrates an exemplary embodiment of a system 700 that may be used for implementing the principles of the present invention. System 700 may contain one or more input/output devices 702, processors 703 and memories 704. I O devices 702 may access or receive information from one or more sources or devices 701. Sources or devices 701 may be devices such as routers, servers, computers, notebook computer, PDAs, cells phones or other devices suitable for transmitting and receiving information responsive to the processes shown herein. Devices 701 may have access over one or more network connections 750 via, for example, a wireless wide area network, a wireless metropolitan area network, a wireless local area network, a terrestrial broadcast system (Radio, TV), a satellite network, a cell phone or a wireless telephone network, or similar wired networks, such as POTS, INTERNET, LAN, WAN and/or private networks, e.g., INTRANET, as well as portions or combinations of these and other types of networks.
[0047] Input/output devices 702, processors 703 and memories 704 may communicate over a communication medium 725. Communication medium 725 may represent, for example, a bus, a communication network, one or more internal connections of a circuit, circuit card or other apparatus, as well as portions and combinations of these and other communication media. Input data from the client devices 701 is processed in accordance with one or more programs that may be stored in memories 704 and executed by processors 703. Memories 704 may be any magnetic, optical or semiconductor medium that is loadable and retains information either permanently, e.g. PROM, or non-permanenty, e.g., RAM. Processors 703 may be any means, such as general purpose or special purpose computing system, such as a laptop computer, desktop computer, a server, handheld computer, or may be a hardware configuration, such as dedicated logic circuit, or integrated circuit. Processors 703 may also be Programmable Array Logic (PAL), or Application Specific Integrated Circuit (ASIC), etc., which may be "programmed" to include software instructions or code that provides a known output in response to known inputs. In one aspect, hardware circuitry may be used in place of, or in combination with, software instructions to implement the invention. The elements illustrated herein may also be implemented as discrete hardware elements that are operable to perform the operations shown using coded logical operations or by executing hardware executable code.
[0048] In a one aspect, the processes shown herein may be represented by computer readable code stored on a computer readable medium. The code may also be stored in the memory 704. The code may be read or downloaded from a memory medium 783, an I/O device 785 or magnetic or optical media, such as a floppy disk, a CD-ROM or a DVD, 787 and then stored in memory 704.
[0049] Information from device 701 received by I O device 702, after processing in accordance with one or more software programs operable to perform the functions illustrated herein, may also be transmitted over network 780 to one or more output devices represented as display 785, reporting device 790 or second processing system 795. [0050] As one skilled in the art would recognize, the term computer or computer system may represent one or more processing units in communication with one or more memory units and other devices, e.g., peripherals, connected electronically to and communicating with the at least one processing unit. Furthermore, the devices may be electronically connected to the one or more processing units via internal busses, e.g., ISA bus, microchannel bus, PCI bus, PCMCIA bus, etc., or one or more internal connections of a circuit, circuit card or other device, as well as portions and combinations of these and other communication media or an external network, e.g., the Internet and Intranet. [0051] While there has been shown, described, and pointed out fundamental novel features of the present invention as applied to preferred embodiments thereof, it will be understood that various omissions and substitutions and changes in the apparatus described, in the form and details of the devices disclosed, and in their operation, may be made by those skilled in the art without departing from the spirit of the present invention. It is expressly intended that all combinations of those elements that perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Substitutions of elements from one described embodiment to another are also fully intended and contemplated. For example, although the present invention has been disclosed with regard to VPNs of the Full Mesh and Hub-and-Spoke topologies, the techniques described herein are not limited to the topologies shown. For example, Partial Mesh topologies are known in the art as being Hub-and-Spoke topologies with multiple hubs. In addition, Spoke-and-Spoke topologies may similarly be determined. Accordingly, it would be within the knowledge of those skilled in the art to expand the teachings described herein to other topologies, which have been contemplated and are considered within the scope of the invention. Similarly, the invention described herein describes a generic modeling approach for VPNs. However, the invention is not limited by the model discussed, and used as an example, or the specific proposed modeling approach described herein.

Claims

Claims What is claimed is:
1. A method for determining a type of Virtual Private Network (VPN) comprising the steps of: representing the network by a model containing a plurality of object classes; evaluating an import/export relationship of a first one and a second one of the object classes; and identifying the network type based on the evaluated relationship.
2. The method as recited in claim 1, wherein the VPN network object classes are selected from the group consisting of: configuration non-specific representation of types of managed components associated with elements of the network and configuration non-specific representations of relationships among the types of managed components.
3. The method as recited in claim 2, wherein the first and second object classes are configuration non specific representations of types of managed components.
4. The method as recited in claim 3, wherein the configuration non-specific representations of types of managed components are selected from the group consisting of: RouteTarget, VRF, and VPN.
5. The method as recited in claim 2, wherein the relationships amongst the types of managed components is selected from the and consisting of: ImportedBy/Imports, ExportedBy/Exports, VPNPeer, HubsOf, SpokesOf, SendsTo ReceivesFrom.
6. The method as recited in claim 1, wherein the type of VPN is selected from the group consisting of: Full-Mesh, Partial-Mesh, Hub-and-Spoke, and Spoke-and-Spoke.
7. The method as recited in claim 1, wherein the step of evaluating an import export relationship comprises the step of: determining;
Jm(R) = Ex(R) wherein: Im(R) is the set of second object classes imported by the first object class; and
Ex(R) is the set of second object classes exported by the first object class.
8. The method as recited in claim 1, wherein the first object class is a RouteTarget.
9. The method as recited in claim 8, wherein the step of evaluating an import/export relationship comprises the step of: determining
Im(Rι) = Ex(R2); and
Ex(Rι) \ Im (RO = Im(R2) \ Ex(R2); and
Ex(R ≠Im(R2) OR
Ex(R 0 Im(Ri) ≠ Empty set
10. The method as recited in claim 9, further comprising the step of determining spoke elements, wherein said step of determining spoke elements comprises the step of: determining
Ex(R1) \Im (R1)
11. The method as recited in claim 10, wherein the VPN hub elements are the remaining members of the set of second managed components.
12. The method as recited in claim 1, further comprising the step of: storing the determined type of network.
13. The method as recited in claim 1, further comprising the step of: displaying the type of network.
14. The method as recited in claim 13, further comprising the step of: displaying members of the network type.
15. The method as recited in claim 9, wherein the step of evaluating an import export relationship further comprises the step of: excluding from evaluation RouteTargets associated with a Full-Mesh Network.
16. The method as recited in claim 9, wherein the step of evaluating an import/export relationship further comprises the step of: evaluating only RouteTargets that are exported by at least one second object class that is in the import set of a selected RouteTarget.
17. An apparatus for determining a type of Virtual Private Network (VPN) represented by a model containing a plurality of object classes, the apparatus comprising: a processor in communication with a memory, said processor executing code for: evaluating an import/export relationship of a first one and a second one of the object classes; and identifying the network type based on the evaluated relationship.
18. The apparatus as recited in claim 17, wherein the VPN network object classes are selected from the group consisting of: configuration non-specific representation of types of managed components associated with elements of the network and configuration non-specific representations of relationships among the types of managed components.
19. The apparatus as recited in claim 18, wherein the first and second object classes are configuration non specific representations of types of managed components.
20. The apparatus as recited in claim 19, wherein the configuration non-specific representations of types of managed components are selected from the group consisting of: RouteTarget, VRF, and VPN.
21. The apparatus as recited in claim 18, wherein the relationships amongst the types of managed components is selected from the group consisting of: ImportedBy/Imports, ExportedBy/Exports, VPNPeer, HubsOf, SpokesOf, and SendsTo ReceivesFrom.
22. The apparatus as recited in claim 17, wherein the type of VPN is selected from the group consisting of: Full-Mesh, Partial-Mesh, Hub-and-Spoke, and Spoke-and-Spoke.
23. The apparatus as recited in claim 17, wherein said processor further executing code for determining:
Im(R) = Ex(R) wherein: Im(R) is the set of second object classes imported by the first object class; and
Ex(R) is the set of second object classes exported by the first tioject class.
24: The apparatus as recited in claim 17, wherein the first object class is a RouteTarget.
25. The apparatus as recited in claim 24, wherein the processor further executirig code for determining:
Im(Rι) = Ex(R2); and
Ex(Rι) \ Im (Ri) = Im(R2) \ Ex(R2); and
Ex(R,) ≠Im(R2) OR
Ex(Rι) n irn(Rι) ≠ Null Set
26. The apparatus as recited in claim 25, wherein the processor further executing code for determining:
Ex R Mm CR
27. The apparatus as recited in claim 26, wherein the VPN hub elements are the remaining members of the set of second managed components.
28. The apparatus as recited in claim 17, wherein the processor further executing code for: storing the determined type of network.
29. The apparatus as recited in claim 17, wherein the processor further executing code for: displaying the type of network.
30. The apparatus as recited in claim 17, wherein the processor further executing code for: displaying members of the network type.
31. The apparatus as recited in claim 24, wherein the processor further executing code for: excluding from evaluation RouteTargets associated with a Full-Mesh Network.
32. The apparatus as recited in claim 24, wherein the processor further executing code for: evaluating only RouteTargets that are exported by at least one second managed component that is in the imported set of a selected RouteTarget.
33. The apparatus as recited in claim 17, further comprising an: input/output device in communication with the processor and the memory.
34. The apparatus as recited in claim 17, wherein the code is stored in the memory.
35. A computer-read medium contain code thereon, the code suitable for determining a type of Virtual Private Network (VPN), which is represented as a model containing a plurality of object classes, by providing instructions to a computing system for executing the steps of: evaluating an import/export relationship of a first one and a second one of the object classes; and identifying the network type based on the evaluated relationship.
36. The computer-read medium as recited in claim 35, wherein the VPN network object classes are selected from the group consisting of: configuration non-specific representation of types of managed components associated with elements of the network and configuration non-specific representations of relationships among the types of managed components.
37. The computer-read medium as recited in claim 36, wherein the first and second object classes are configuration non specific representations of types of managed components.
38. The computer-read medium as recited in claim 37, wherein the configuration non-specific representations of types of managed components are selected from the group consisting of: RouteTargets, VRF, and VPN.
39. The computer-read medium as recited in claim 36, wherein the relationships amongst the types of managed components is selected from the group consisting of: ImportedBy/Imports, ExportedBy/Exports, VPNPeer, HubsOf, SpokesOf, and SendsTo/ReceivesFrom.
40. The computer-read medium as recited in claim 35, wherein the type of VPN is selected from the group consisting of: Full-Mesh, Partial-Mesh, Hub-and-Spoke, and Spoke-and- Spoke.
41. The computer-read medium as recited in claim 35, wherein the code further providing . instructions to a computing system for executing the step of: determining
Im(R) =Ex(R) wherein: Im(R) is the set of second object classes imported by the first object class; and
Ex(R) is the set of second object classes exported by the first object class.
42. The computer-read medium as recited in claim 35, wherein the first object class is a RouteTargets.
43. The computer-read medium as recited in claim 42, wherein the code further providing instructions to a computing system for executing the step of: determining
Im(Rι) = Ex(R2); and
Ex(R \ Im (RO = rm(R2) \ Ex(R2); and
ExCR Imfϊ^ OR
Ex(Rι) PI Im(Rι) ≠ Empty set
44. The computer-read medium as recited in claim 43, wherein the code further providing instructions to a computing system for executing the step of: determining
Ex(Rι) \ Im (Ri)
45. The computer-read medium as recited in claim 43, wherein the VPN hub elements are the remaining members of the set of second managed components.
46. The computer-read medium as recited in claim 35, wherein the code further providing instructions to a computing system for executing the step of: storing the determined type of network.
47. The computer-read medium as recited in claim 35, wherein the code further providing instructions to a computing system for executing the step of: displaying the type of network.
48. The computer-read medium as recited in claim 35, wherein the code further providing instructions to a computing system for executing the step of: displaying members of the network type.
49. The computer-read medium as recited in claim 43, wherein the code further providing instructions to a computing system for executing the step of: excluding from evaluation RouteTargets associated with a Full-Mesh Network.
50. The computer-read medium as recited in claim 43, wherein the code further providing instructions to a computing system for executing the step of: evaluating only RouteTargets that are exported by at least one second object class that is in the imported set of a selected RouteTarget.
PCT/US2004/031355 2003-09-25 2004-09-24 Model-based method and apparatus for determining virtual private network topologies WO2005031527A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US50580203P 2003-09-25 2003-09-25
US60/505,802 2003-09-25

Publications (2)

Publication Number Publication Date
WO2005031527A2 true WO2005031527A2 (en) 2005-04-07
WO2005031527A3 WO2005031527A3 (en) 2008-07-17

Family

ID=34393072

Family Applications (3)

Application Number Title Priority Date Filing Date
PCT/US2004/031452 WO2005031532A2 (en) 2003-09-25 2004-09-24 Method and apparatus for modeling and analyzing mpls and virtual private networks
PCT/US2004/031463 WO2005031533A2 (en) 2003-09-25 2004-09-24 Model-based method and apparatus for determining mpls network properties
PCT/US2004/031355 WO2005031527A2 (en) 2003-09-25 2004-09-24 Model-based method and apparatus for determining virtual private network topologies

Family Applications Before (2)

Application Number Title Priority Date Filing Date
PCT/US2004/031452 WO2005031532A2 (en) 2003-09-25 2004-09-24 Method and apparatus for modeling and analyzing mpls and virtual private networks
PCT/US2004/031463 WO2005031533A2 (en) 2003-09-25 2004-09-24 Model-based method and apparatus for determining mpls network properties

Country Status (2)

Country Link
US (2) US7441023B2 (en)
WO (3) WO2005031532A2 (en)

Families Citing this family (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7774500B1 (en) * 2004-07-01 2010-08-10 At&T Intellectual Property Ii, L.P. Method and apparatus for flexible network management of multiple customer virtual private networks
US7623535B2 (en) * 2004-09-09 2009-11-24 Cisco Technology, Inc. Routing protocol support for half duplex virtual routing and forwarding instance
US8369329B2 (en) * 2005-05-16 2013-02-05 Rockstar Consortium Us Lp Dynamic hierarchical address resource management architecture, method and apparatus
US7792045B1 (en) * 2005-08-25 2010-09-07 Emc Corporation Method and apparatus for configuration and analysis of internal network routing protocols
US20070061732A1 (en) * 2005-09-12 2007-03-15 Bobbin Nathan V User interface options of an impact analysis tool
US7493570B2 (en) 2005-09-12 2009-02-17 International Business Machines Corporation User interface options of a data lineage tool
US7694239B2 (en) * 2006-01-23 2010-04-06 International Business Machines Corporation Selection and deselection of objects at multiple levels of a hierarchy
US7903585B2 (en) * 2006-02-15 2011-03-08 Cisco Technology, Inc. Topology discovery of a private network
EP1830523A1 (en) * 2006-03-02 2007-09-05 BRITISH TELECOMMUNICATIONS public limited company Multi-protocol label switching
CN100394747C (en) * 2006-06-08 2008-06-11 上海交通大学 Radio virtual special net router
JP4995589B2 (en) * 2007-02-14 2012-08-08 株式会社日立製作所 Information processing system
US7930161B1 (en) * 2007-03-21 2011-04-19 Emc Corporation Method and apparatus for horizontal and vertical modeled representation and analysis of distributed systems
US8203965B1 (en) * 2007-03-29 2012-06-19 Emc Corporation Layered approach for representing and analyzing virtual private network services
US9858123B1 (en) 2014-11-10 2018-01-02 Turbonomic, Inc. Moving resource consumers in computer systems
US10552586B1 (en) 2015-11-16 2020-02-04 Turbonomic, Inc. Systems, apparatus and methods for management of computer-based software licenses
USRE48663E1 (en) 2009-06-26 2021-07-27 Turbonomic, Inc. Moving resource consumers in computer systems
US9852011B1 (en) 2009-06-26 2017-12-26 Turbonomic, Inc. Managing resources in virtualization systems
US9830192B1 (en) 2014-11-10 2017-11-28 Turbonomic, Inc. Managing application performance in virtualization systems
US8914511B1 (en) 2009-06-26 2014-12-16 VMTurbo, Inc. Managing resources in virtualization systems
US9805345B1 (en) 2014-11-10 2017-10-31 Turbonomic, Inc. Systems, apparatus, and methods for managing quality of service agreements
US11272013B1 (en) 2009-06-26 2022-03-08 Turbonomic, Inc. Systems, apparatus, and methods for managing computer workload availability and performance
US9830566B1 (en) 2014-11-10 2017-11-28 Turbonomic, Inc. Managing resources in computer systems using action permits
US9888067B1 (en) 2014-11-10 2018-02-06 Turbonomic, Inc. Managing resources in container systems
US10191778B1 (en) 2015-11-16 2019-01-29 Turbonomic, Inc. Systems, apparatus and methods for management of software containers
US10346775B1 (en) 2015-11-16 2019-07-09 Turbonomic, Inc. Systems, apparatus and methods for cost and performance-based movement of applications and workloads in a multiple-provider system
USRE48714E1 (en) 2009-06-26 2021-08-31 Turbonomic, Inc. Managing application performance in virtualization systems
USRE48680E1 (en) 2009-06-26 2021-08-10 Turbonomic, Inc. Managing resources in container systems
US10673952B1 (en) 2014-11-10 2020-06-02 Turbonomic, Inc. Systems, apparatus, and methods for managing computer workload availability and performance
US8838931B1 (en) 2012-03-30 2014-09-16 Emc Corporation Techniques for automated discovery and performing storage optimizations on a component external to a data storage system
US8868797B1 (en) 2012-03-30 2014-10-21 Emc Corporation Techniques for automated discovery of storage devices and their performance characteristics
US10311019B1 (en) * 2011-12-21 2019-06-04 EMC IP Holding Company LLC Distributed architecture model and management
US8825919B1 (en) 2011-12-22 2014-09-02 Emc Corporation Path performance data collection
US9197522B1 (en) 2012-03-21 2015-11-24 Emc Corporation Native storage data collection using multiple data collection plug-ins installed in a component separate from data sources of one or more storage area networks
US8812542B1 (en) 2012-03-30 2014-08-19 Emc Corporation On-the-fly determining of alert relationships in a distributed system
US8856257B1 (en) 2012-06-29 2014-10-07 Emc Corporation Sending alerts from cloud computing systems
US10528262B1 (en) 2012-07-26 2020-01-07 EMC IP Holding Company LLC Replication-based federation of scalable data across multiple sites
US8972405B1 (en) 2012-07-26 2015-03-03 Emc Corporation Storage resource management information modeling in a cloud processing environment
US8832498B1 (en) 2012-07-30 2014-09-09 Emc Corporation Scalable codebook correlation for cloud scale topology
US20140078888A1 (en) * 2012-09-14 2014-03-20 Tellabs Operations Inc. Procedure, apparatus, system, and computer program for designing a virtual private network
US9202304B1 (en) 2012-09-28 2015-12-01 Emc Corporation Path performance mini-charts
US9602356B1 (en) 2012-09-28 2017-03-21 EMC IP Holding Company LLC Groups based performance data collection
US10476787B1 (en) 2012-12-27 2019-11-12 Sitting Man, Llc Routing methods, systems, and computer program products
US10212076B1 (en) 2012-12-27 2019-02-19 Sitting Man, Llc Routing methods, systems, and computer program products for mapping a node-scope specific identifier
US10447575B1 (en) 2012-12-27 2019-10-15 Sitting Man, Llc Routing methods, systems, and computer program products
US10411998B1 (en) 2012-12-27 2019-09-10 Sitting Man, Llc Node scope-specific outside-scope identifier-equipped routing methods, systems, and computer program products
US10904144B2 (en) 2012-12-27 2021-01-26 Sitting Man, Llc Methods, systems, and computer program products for associating a name with a network path
US10404583B1 (en) 2012-12-27 2019-09-03 Sitting Man, Llc Routing methods, systems, and computer program products using multiple outside-scope identifiers
US10419335B1 (en) 2012-12-27 2019-09-17 Sitting Man, Llc Region scope-specific outside-scope indentifier-equipped routing methods, systems, and computer program products
US10397101B1 (en) 2012-12-27 2019-08-27 Sitting Man, Llc Routing methods, systems, and computer program products for mapping identifiers
US10404582B1 (en) 2012-12-27 2019-09-03 Sitting Man, Llc Routing methods, systems, and computer program products using an outside-scope indentifier
US10587505B1 (en) 2012-12-27 2020-03-10 Sitting Man, Llc Routing methods, systems, and computer program products
US10397100B1 (en) 2012-12-27 2019-08-27 Sitting Man, Llc Routing methods, systems, and computer program products using a region scoped outside-scope identifier
US10374938B1 (en) 2012-12-27 2019-08-06 Sitting Man, Llc Routing methods, systems, and computer program products
US10419334B1 (en) 2012-12-27 2019-09-17 Sitting Man, Llc Internet protocol routing methods, systems, and computer program products
US10411997B1 (en) 2012-12-27 2019-09-10 Sitting Man, Llc Routing methods, systems, and computer program products for using a region scoped node identifier
US9736046B1 (en) 2013-05-30 2017-08-15 EMC IP Holding Company LLC Path analytics using codebook correlation
US10165093B2 (en) * 2015-08-31 2018-12-25 Cisco Technology, Inc. Generating segment routing conduit in service provider network for routing packets
CN107634884B (en) * 2017-08-28 2020-12-04 深信服科技股份有限公司 Cloud networking behavior management system and method based on virtual private dial-up network
US11012418B2 (en) * 2018-02-15 2021-05-18 Forcepoint Llc Multi-access interface for internet protocol security

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020018664A1 (en) * 2000-07-10 2002-02-14 Atsushi Iwasaki Image forming apparatus

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5528516A (en) * 1994-05-25 1996-06-18 System Management Arts, Inc. Apparatus and method for event correlation and problem reporting
GB9707549D0 (en) * 1997-04-15 1997-06-04 British Telecomm Design of computer networks
US6374303B1 (en) * 1997-11-17 2002-04-16 Lucent Technologies, Inc. Explicit route and multicast tree setup using label distribution
US6874022B1 (en) * 1999-03-12 2005-03-29 Cisco Technology, Inc. Method and system for modeling behavior of elements in a telecommunications system
US6990518B1 (en) * 2001-03-22 2006-01-24 Agilent Technologies, Inc. Object-driven network management system enabling dynamically definable management behavior
US8014283B2 (en) * 2001-06-01 2011-09-06 Fujitsu Limited System and method for topology constrained QoS provisioning
US7450505B2 (en) * 2001-06-01 2008-11-11 Fujitsu Limited System and method for topology constrained routing policy provisioning
US20030137971A1 (en) * 2002-01-22 2003-07-24 Mark Gibson Telecommunications system and method
US7116665B2 (en) * 2002-06-04 2006-10-03 Fortinet, Inc. Methods and systems for a distributed provider edge
US7340519B1 (en) * 2003-03-05 2008-03-04 At&T Corp. Reducing configuration errors for managed services in computer networks
US7848259B2 (en) * 2003-08-01 2010-12-07 Opnet Technologies, Inc. Systems and methods for inferring services on a network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020018664A1 (en) * 2000-07-10 2002-02-14 Atsushi Iwasaki Image forming apparatus

Also Published As

Publication number Publication date
WO2005031532A2 (en) 2005-04-07
US7441023B2 (en) 2008-10-21
US7783778B2 (en) 2010-08-24
WO2005031533A2 (en) 2005-04-07
WO2005031532A3 (en) 2009-04-16
WO2005031533A3 (en) 2006-03-23
WO2005031527A3 (en) 2008-07-17
US20050071681A1 (en) 2005-03-31
US20050071130A1 (en) 2005-03-31
WO2005031532A9 (en) 2005-06-16

Similar Documents

Publication Publication Date Title
US7783778B2 (en) Model-based method and apparatus for determining virtual private network topologies
Greenberg et al. A clean slate 4D approach to network control and management
US7720003B2 (en) Model-based method and apparatus for determining MPLS network properties
US8526325B2 (en) Detecting and identifying connectivity in a network
US7593352B2 (en) Discovering MPLS VPN services in a network
US9166818B2 (en) Provisioning single or multistage networks using ethernet service instances (ESIs)
EP1393503B1 (en) Method and system for determining network characteristics using routing protocols
US9548896B2 (en) Systems and methods for performing network service insertion
US7752024B2 (en) Systems and methods for constructing multi-layer topological models of computer networks
US7860016B1 (en) Method and apparatus for configuration and analysis of network routing protocols
US6898183B1 (en) Method of determining a data link path in a managed network
US20020186664A1 (en) System and method for topology constrained QoS provisioning
EP1643680A1 (en) Method and system for managing network nodes in MPLS-VPN networks
US20070226630A1 (en) Method and system for virtual private network connectivity verification
US20030014548A1 (en) Method and apparatus for determining unmanaged network devices in the topology of a network
US20090210523A1 (en) Network management method and system
US7792045B1 (en) Method and apparatus for configuration and analysis of internal network routing protocols
US20060248196A1 (en) Using broadcast domains to manage virtual local area networks
US8326969B1 (en) Method and apparatus for providing scalability in resource management and analysis system- three way split architecture
EP3817341A1 (en) Bulk configuration of devices behind a network address translation device
Cisco Cisco IOS Bridging and IBM Networking Command Reference Volume 1 of 2 Release 12.2
US8862996B1 (en) Method and apparatus for container mapping presentation of distributed systems
US20090187652A1 (en) Inferred Discovery Of Devices Of A Data Communications Network
US8868718B1 (en) Method and apparatus for providing scalability in resource management and analysis systems
US7299246B1 (en) Client initiated multicast domain discovery

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase