The invention relates to communication networks and, more particularly, to Virtual Private Networks (VPNs).
A VPN is a private network that is configured within a public network to connect a series of remote users. A public network, in this context, can be any network to which there is access by more than one user, such as the Internet or a core network managed by a Network Service Provider (NSP). A VPN may be used to connect a number of remote or mobile users to a Local Area Network (LAN), or a number of LANs.
From a Network Service Providers (NSPs) perspective, a VPN can be seen as a service for interconnecting a customer's various premises.
An early generation of VPNs was based on point-to-point leased line connections, where there is no router between each item of Customer Premises Equipment (CPE). These are often referred to as “Overlay VPN's” and are still widely used because they offer quality and privacy. However, they are costly for consumers who rarely utilise all the bandwidth they lease.
The new generation of VPNs is based on a Network Service Provider's Internet Protocol (IP) backbone. The main benefit of these is that IP offers instant connectivity between any number of users and/or customer premises, and, as such, optimises the bandwidth usage between all the customers.
Network service providers offering VPN services to their customers face several challenges. One of these challenges is the implementation and maintenance of Operations Support Systems (OSSs) and Business Support Systems (BSSs) in their organisation.
OSSs refer to the systems that help a NSP to perform management, inventory and repair functions on their network. Originally, OSSs were designed to automate manual processes making operation of the network more error-free and efficient. OSSs are now also being used to improve NSPs return on investment through gathering an increased amount of information.
BSSs refer to systems that facilitate the sharing of information between business and customer functions, and network management functions. These systems are generally linked with billing and customer care but these are directly related to OSSs as Quality of Service (QoS) is an important factor in a NSP/customer relation.
To ensure a high level of QoS is delivered to the customer, Network Service Providers must make sure that their OSSs and BSSs can be initialised quickly and with accurate data describing the various networks and services and that they are maintained over time with up to date accurate data.
An important method for ensuring that data is accurate and up to date is through the use of network discovery functions.
An example of a basic network discovery function uses the Internet Control Message Protocol (ICMP) to detect whether a network element at a particular IP address is active. ICMP, uses the basic support of IP as if it were a higher level protocol, however, ICMP is actually an integral part of IP, and must be implemented by every IP module. This network discovery function is more commonly known as a packet “ping”, and involves the requesting system sending out a “ping” to a particular IP address and if there is a “ping” returned it is known that that network element is active.
The Simple Network Management Protocol (SNMP) allows more information to be obtained from network elements and is commonly used in network management systems. Once a network element has been confirmed as active by a “ping”, neighbouring or other relevant network elements can be identified using SNMP to examine universally available IP routing tables. The newly identified network elements may be “pinged” to ensure they are active and then the IP routing table is consulted again to identify additional currently unknown network elements.
Another method of finding currently unknown network elements is to examine packets of information such as a User Datagram Protocol (UDP) packet. By examining the header information of these packets, IP addresses can be identified by looking at the destination, sender and any pass-through IP addresses. If any IP addresses identified are previously unknown they can then be further examined.
However, discovery of network elements does not complete the information required to run a NSPs network. Additional information is usually required, such as, how the element is connected to other elements and what services the element supports.
VPN services have traditionally been set up manually using a clean data provisioning process. This involves information relevant to VPN functionality being entered by network engineers during the provisioning process. That is, a network engineer sets up a VPN according to details acquired from the customer, such as, security levels and bandwidth required. Normally, this information is then used to populate inventory systems containing relevant network information, including VPN set up for later use by the network. This information can either be automatically populated from a provisioning system or manually entered into the inventory system.
As the inventory systems are effectively manually populated, inevitable flaws in the process create discrepancies in the inventory systems over time.
It is an object of the present invention to overcome this and other drawbacks.
There are several existing methods which try to achieve VPN discovery functions. However, these are either technology or vendor dependant, and apply to IP VPNs only. Existing solutions take advantage of the information held by routing protocols especially Border Gateway Protocol (BGP) or Multi Protocol Label Switching (MPLS) Virtual Routing Forwarding (VRF) tables.
The principal of using configuration rules for discovery is known, including within the frame work of the discovery of network elements pertaining to the functionality required for the VPN services. However, an object of the present invention is to associate network elements with a particular VPN service.