Integrating service insertion architecture and virtual private network

Assignee

• Cisco Technology, Inc. · US

Inventors

• Rajiv Asati · Morrisville, US
• Mohamed Khalid · Cary, US
• Sunil Cherukuri · Morrisville, US
• Kenneth Durazzo · San Ramon, US
• Shree Murthy · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/164
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker. The dynamic mapping facilitates providing differentiated services in the SIA by facilitating forwarding an IPSec packet received on the IPSec VPN tunnel from the user to a service node associated with the SIA service based, at least in part, on the IPSec SADB entry modified using the service information.