A virtual private network (VPN) is an example of a private communication network. A VPN emulates a private, Internet Protocol (IP) network using shared or public network infrastructures such as the Internet. One type of VPN is implemented by configuring network devices (e.g., switches and routers) to establish a private, encrypted “tunnel” over a public network in order to secure VPN traffic against public access.
A VPN may encompass a number of virtual local area networks (VLANs). A VLAN consists of a network of computers or like devices, which behave as if they are connected to the same local wire but in fact may be in different locations (e.g., in different buildings, or even in different cities). Thus, devices may be a part of the same VPN although separated by large distances. A device such as a computer or a voice-over-IP (VoIP) phone can be identified as a member of a particular VLAN using a VLAN tag prescribed according to, for example, IEEE 802.1Q.
Session border controllers (SBCs) are used to provide services and to implement policies in VoIP communication networks. An SBC may be used, for example, to enable VoIP calls to be made to and from VPNs, from VPNs to a public switched telephone network (PSTN), or between phones that use different VoIP protocols.
An SBC may serve multiple VPNs, performing different services and implementing different policies for each. Also, the services performed and policies implemented by an SBC may depend on whether or not the traffic will remain within the VPN. Accordingly, it can be important to identify whether or not the calling and called parties are members of the same VPN and, if so, which VPN, in order to identify instances in which a service or policy associated with a particular SBC is not needed. In those instances, the SBC may be bypassed, thereby reducing overhead and shortening the communication path. More specifically, the SBC may direct the media portion of the traffic to bypass the SBC, while continuing to monitor the signaling portion of the traffic for further actions.
Currently, VLAN tags are used to associate traffic with a particular VPN. Each SBC is configured with mapping tables to map VLAN tags to VPN customer identifiers (IDs). The mapping tables are needed because VLAN tags are not globally unique, and so multiple SBCs may have different VLAN tags associated with the same VPN customer. Using the mapping tables, an SBC can determine whether the calling and called parties belong to the same VPN.
A problem with the conventional approaches is the effort needed to create and update the mapping tables on each of the SBCs in a VoIP network. The present invention provides a novel solution to this problem.