The present invention relates to Network communication carriers currently provide network-based virtual private network (VPN) capabilities over their networks. Generally, providing VPN capabilities requires the use of technologies such as virtual routing at edge access routers and aggregation routers, multi-protocol label switching (MPLS), asynchronous transfer mode (ATM) permanent virtual circuits (PVCs), and the like, in the devices that make up the backbone of the network. The virtual routing technology allows the carrier to present, to each of its enterprise customers, a set of virtual routers that are considered to be owned and managed by the customer for the purpose of connecting the different customer sites. The use of MPLS, or any other comparable technology, allows these virtual routers to efficiently create and maintain virtual links between the different virtual routers over the carrier's shared network backbone.
For many such carriers, adding multimedia services, and particularly voice services, on top of their existing IP networks, is the natural next step. Most carriers prefer to build a single shared resource to provide the multimedia services to the entire customer base, rather than building dedicated resources for each individual enterprise customer. The shared resource is often built as yet another VPN on top of the existing infrastructure, and is sometimes called a “Centralized Voice Extranet”. The centralized voice extranet is implemented at a carrier centralized office (CO) where call control, call termination and other call servers, such as interactive voice response (IVR), conference, and voice mail servers, are co-located for the purpose of providing the service to enterprise customers.
In general, multimedia (and other) entities of different customers residing in different VPNs are not routable to one another, because the deployment of VPNs keeps each VPN private so that its constituent devices are not exposed to other networks. Moreover, more often than not, the VPNs use private IP address schemes that overlap with each other (e.g., addresses in the range 10.0.0.x or 192.168.x.x).
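The addressing collision described above can be shown concretely. The following is an added example, not part of the original text and not the method of the invention: it finds overlapping prefixes across VPNs and shows that a shared service must key endpoints by VPN plus address. The VPN names, prefixes, and registrations are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical customer VPNs and their site prefixes.
VPN_PREFIXES = {
    "vpn-a": ["10.0.0.0/24", "192.168.10.0/24"],
    "vpn-b": ["10.0.0.0/24", "172.16.5.0/24"],
    "vpn-c": ["192.168.0.0/16"],
}
# Constructed registrations as a shared call server might see them:
# (VPN the packet arrived from, endpoint source address, user).
REGISTRATIONS = [
    ("vpn-a", "10.0.0.5", "alice"),
    ("vpn-b", "10.0.0.5", "bob"),
    ("vpn-c", "192.168.10.7", "carol"),
    ("vpn-a", "192.168.10.7", "dave"),
]

def overlapping_prefixes(vpn_prefixes):
    """List prefix pairs from different VPNs that cover common addresses."""
    nets = [(vpn, ipaddress.ip_network(p))
            for vpn, prefixes in sorted(vpn_prefixes.items()) for p in prefixes]
    hits = []
    for i, (vpn_a, net_a) in enumerate(nets):
        for vpn_b, net_b in nets[i + 1:]:
            if vpn_a != vpn_b and net_a.overlaps(net_b):
                hits.append((vpn_a, str(net_a), vpn_b, str(net_b)))
    return hits

def ambiguous_addresses(registrations):
    """Addresses used in more than one VPN: the bare IP cannot identify them."""
    owners = defaultdict(set)
    for vpn, ip, _user in registrations:
        owners[ipaddress.ip_address(ip)].add(vpn)
    return {str(ip): sorted(vpns) for ip, vpns in owners.items() if len(vpns) > 1}

def endpoint_table(registrations):
    """Key endpoints by (VPN, address) so overlapping addresses stay distinct."""
    table = {}
    for vpn, ip, user in registrations:
        key = (vpn, ipaddress.ip_address(ip))
        if key in table:
            raise ValueError(f"duplicate address {ip} inside {vpn}")
        table[key] = user
    return table

if __name__ == "__main__":
    print(overlapping_prefixes(VPN_PREFIXES))
    print(ambiguous_addresses(REGISTRATIONS))
    print(len(endpoint_table(REGISTRATIONS)), "distinct endpoints")
```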
One way to provide centralized voice services for such enterprise customers is to employ devices that provide network address translator and firewall (NAT/FW) functions at the edge of the customer networks. This approach ensures that each enterprise is protected from the rest of the network and is uniquely addressable. However, this approach also requires expensive, and otherwise redundant, equipment to be added to each enterprise network; it further complicates the routing scheme and limits the use of the virtual routers in the network itself. For the purpose of providing voice services, the NAT/FW function must also support multimedia over Internet protocol (MoIP) or voice over Internet protocol (VoIP), which is known to be a significant challenge.
Therefore, in view of the limitations of the prior art, it would be advantageous to provide MoIP or VoIP services for customers that are not located on the same VPN, while not compromising the security of the VPNs.