US 7,486,684 B2
`(10) Patent No:
`a2) United States Patent
`Chuetal.
`(45) Date of Patent:
`Feb. 3, 2009
`
`
`US007486684B2
`
`(54) METHOD AND APPARATUSFOR
`ESTABLISHMENT AND MANAGEMENT OF
`VOICE-OVERIP VIRTUAL PRIVATE
`NETWORKSIN IP-BASED
`COMMUNICATION SYSTEMS
`5) mens Thomas Chagnon. NUS
`Martin Joel Glapa, Golden, CO (US);
`Francis Robert Magee, Lincroft, NJ
`(US); Steven H. Richman, Highland
`Park, NJ (US)
`(73) Assignee: Alcatel-Lucent USA Ine., Murray Hill,
`NJ (US)
`
`(*) Notice:
`
`Subject to any disclaimer, the term ofthis
`patent is extended or adjusted under 35
`US.C. 154(b) by 976 days.
`
`
`
`21) Appl. No.: 10/674,885
`
`22)
`
`65)
`
`Filed:
`
`Sep. 30, 2003
`oo
`.
`Prior Publication Data
`US 2005/0068942 Al
`Mar. 31, 2005
`
`51)
`
`Int. Cl.
`(2006.01)
`HOAL DA6
`(2006.01)
`HOI 1/16
`52) US.cece 370/401; 370/352: 379/88.17
`58) Field of Classification Search........ 370/352-356,
`370/400, 401, 466, 467, 230, 389, 392; 709/231;
`379/88.17
`See application file for complete search history.
`
`(56)
`
`References Cited
`
`US, PATENT DOCUMENTS
`7,369,556 B1*
`5/2008 Rekhter etal. 0... 370/392
`2002/0150083 Al* 10/2002 Fangman etal.
`............ 370/352
`a
`f
`r
`
`NORMAN AIT LH amytal 28
`
`6/2003 DeNeve etal. vv... 370/230
`2003/0117954 Al*
`
`
`
`OTHER PUBLICATIONS
`Network Working Group, Request for Comments: 2685, Category:
`Standards Track, B. Fox,Lucent Technologies, B. Gleeson, Nortel
`Networks, Sep. 1999, Virtual Private Networks Identifier; http://
`YW"Wetorg/rfc/rfc2685.txt?’number=2685.
`* cited by examiner
`.
`Primary Examiner—John Pezzlo
`
`(57)
`
`ABSTRACT
`
`Establishing voice calls in an IP based VPN includes deter-
`mining the relative location of a terminating point with
`respectto an originating point of a new communication con-
`taining the voice data, determining one or more IP addresses
`to egress the communicationfrom the originating point to the
`terminating point, creating a VPN identifier in the new com-
`munication, passing the new communication to the terminat-
`ing point and removing the VPN identifier from the new
`communication. The VPN identifier can be an extra field
`added to an encapsulation coding schemeof the voice data.
`
`16 Claims, 16 Drawing Sheets
`
`
`SERVICE
`
`PROVIDER'S
`1407
`400
`LK
`{P NETWORK
`PSNT GATEWAY
`1302
`
`SOFT-SWITCH
`FORGATEWAY
`1304
`_-FORINCOMING CALL,
`THE SOFT-SWITCH CAN IDENTIFY
`THE VPN LABEL FROM
`THE DIALED NUMBER
`fs) &
`SIN A
`PSTN PHONE
`1301
`
`_
`
`ky
`
`LOCAL
`SOFT-SWITCH
`
`200
`
`200
`
`IP ADDRESS C
`
`7
`
`LOCAL
`PACKET SWITCH\
`340
`
`CALLINGPHONE
`SUBSCRIBER
`)
`\
`IP ADDRESSA1
`/
`
`\
`x
`/
`7 vw nnVt
`
`/
`\
`
`/’ ENCAPSULATION WILL BE USED |
`VOICE
`PACKET
`RTPpo
`
`UDP
`
`VOICE
`PACKET
`RTP
`UDP
`
`
`
`
`
`IP ADDRESS
`
`LOWER LAYER
`
`
`
`IP ADDRESS
`
`VPN-ID
`
`L_—~ 1306
`
`LOWER LAYER
`
`PETITIONER APPLE INC.
`
`EX. 1003-1
`
`PETITIONER APPLE INC. EX. 1003-1
`
`

`

`U.S. Patent
`
`Feb. 3, 2009
`
`Sheet 1 of 16
`
`US 7,486,684 B2
`
`PSTN
`
` GATEWAY130
`
`LOCAL AREA NETWORK 120
`
`IP PHONE 103
`
`FIG. 1
`(PRIOR ART)
`
`PETITIONER APPLE INC.
`
`EX. 1003-2
`
`PETITIONER APPLE INC. EX. 1003-2
`
`

`

`yuayed“Sn
`6007‘€“G2
`OTJOZJoo
`
`7H£89°98PLSN
`
`SIGNALING
`200
`po ” Po3) MESSAGES
`| TO OTHER
`SOFT-SWITCH
`220
`ae | SOFT-SWITCHES
`
`
`
`
`re
`__ SIGNALING= 1
`VoIP
`
`
`
`—|
`SUBNETWORK
`I VERTICLE
`CONTROL OR
`
`SIGNALING
`CONTROL
`$
`!l INTERFACE
`
`
`
`
`
`SWITCH
`
`210
`
`DATA SERVICES
`SUBNETWORK
`IP PHONE 103
`
`
`
`|CENTRAL OFFICE 205
`CUSTOMER PREMISES 105
`
`
`||
`
`|
`
`iP NETWORK
`
`Ss
`
`ERVICE PROVIDER
`
`PETITIONER APPLE INC. EX. 1003-3
`
`

`

`CLASSIFIER
`
`
`INTEGRATED TRAFFIC
`
`
`
`TO SUBSCRIBER'S
`PACKET
`LOCATION
`SWITCH
`210
`
`302
`PACKET
`
`SOFT-SWITCH 220
`
`
`
`OTHER TRAFFIC
`
`yuayed“Sn
`6007‘€“G2
`9TJO¢Joys
`
`7H£89°98PLSN
`
`FIG. 3
`
`PETITIONER APPLE INC. EX. 1003-4
`
`

`

`SUBSCRIBER
`SUBSCRIBER
`LOCATION
`
`
`LOCATION
`105
` 105
`
` PACKET
`140
`140
`
`PACKET=492 402 SWITCH
`
`210
`
`
`
`
`
`
`
`
`
`PACKET
`PACKET
`
`SWITCH
`
`
`SWITCH
`
`210
`210
`
`yuajed*S'N
`
`6007‘€“G2
`OTJOF99S
`
`
`
`
`
`SUBSCRIBER
`LOCATION
`105
`
`SERVICE PROVIDER'S NETWORK
`400
`
`SUBSCRIBER
`LOCATION
`105
`
`7H£89°98PLSN
`
`PETITIONER APPLE INC. EX. 1003-5
`
`

`

`220
`
`SOFT-SWITCH
`
`CONNECTION
`502
`
`CONNECTION
`504
`
`
`
`
`
`
`
`
`506
`
`PROCESSINGLOGIC
`
`SCOPE OF H.248 210
`
`
`CONNECTION
`
`FIG. 5
`
`yuayed“Sn
`6007‘€“G2
`9TJOSoaYS
`
`7H£89°98PLSN
`
`PETITIONER APPLE INC. EX. 1003-6
`
`

`

`yuayed“Sn
`
`2
`=
`we
`>
`S
`
`=
`a
`S
`a
`
`
`
`VoIP
`
`SUBNETWORK
`310
`
`
`qt
`
`%>S
`
`s
`nN
`So
`
`ee 7
`|
`|
`|
`
`ras ~]
`|
`IP ADDRESS=C
`|
`|
`|
`
`608
`
`614
`
`
`LEE
`
`! i,
`SERVER 110
`
`604
`
`608
`
`606
`
`l !
`
`|
`|
`|
`|
`|
`|
`
`CONNECTION|
`240
`|
`
`|
`
`|
`|
`|
`|
`| 610
`|
`
`|
`|
`
`|
`
`| |
`
`|
`
`|
`|
`
`|
`
`i
`eS
`ROUTER
`440
`
`~
`o>
`IP PHONE 101
`IP ADDRESS = A
`|
`CUSTOMER PREMISES 105
`Poe J
`
`|
`
`,
`:
`
`145
`
`!
`|
`|
`PACKET
`|
`|
`SWITCH
` +IPADDRESS = B |
`210.
`:
`SERVICE PROVIDER
`!
`|
`____ ___CENTRAL OFFICE 205,
`
`FIG. 6
`
`200
`
`PETITIONER APPLE INC. EX. 1003-7
`
`

`

`IP ADDRESS=C
`
`IP ADDRESS=E1
`
`IP ADDRESS=G
`
`618
`EGRESS
`
`INGRESS
`
`SOFT-SWITCH
`SOFT-SWITCH
`
`220
`520
`
`
`
`FROM ORIGINATING
`IP-PBX SERVER
`
`TO TERMINATING
`IP-PBX SERVER
`
`
`
`
`
`
`CONNECTION
`240
`
`CONNECTION
`
`CONNECTION
`540
`
`
`
`
`
`
`INGRESS
`TRANSIT
`PACKET
`PACKET
`
`
`
`
`SWITCH
`SWITCH
`
`
`410
`210
`
`310
`
`EGRESS
`PACKET
`SWITCH
`510
`
`IP ADDRESS= B
`
`IP ADDRESS= D1
`
`IP ADDRESS = F
`
`
`
`6007*€“Gedyuajzeg“Sn
`
`9TJO£J9aYS
`
`7H£89°98PLSN
`
`PETITIONER APPLE INC. EX. 1003-8
`
`

`

`622
`
`630
`
`|
`
`jl
`|
`
`l
`
`|
`|
`
`sx
`ee
`
`|
`CONNECTION
`ONO
`540
`|
`~
`|
`!
`__,
`
`BR
`EGRESS
`|
`|
`RING-BACK
`|
`PACKET
`|
`|
`-
`IP PHONE 601,
`ail
`!
`|
`!
`0
`:
`IPADDRESS=F
`:
`!
`!
`!
`| EGRESS
`| DESTINATION CUSTOMER
`CENTRAL OFFICE 804
`PREMISES 806
`eee eee =
`eeeee 4
`
`|
`!
`SERVER 802
`IP ADDRESSJ ,
`
`
`
`eee)
`|
`!
`626 |
`l
`
`|
`
`yuayed“Sn
`6007‘€“G2
`9TJO§yoaYS
`
`7H£89°98PLSN
`
`| __ IPADDRESS =G
`:
`EGRESS
`SOFT-SWITCH
`520
`
`618
`
`200
`
`4
`:
`
`Po
`!
`|
`
`504
`
`
`
`|
`|
`: So
`——_1___— _ |
`!
`628 !
`: 6284
`
`FIG. 8
`
`PETITIONER APPLE INC. EX. 1003-9
`
`

`

`yuayed“Sn
`
`- e
`
`S
`>
`S
`
`HN
`e
`=
`2
`>
`
`c
`4
`.
`Se
`aoe)
`
`634
`
`|
`
`|
`
`j
`
`636
`
`CONNECTION
`540
`
`S>
`eI
`
`| | |
`
`|
`DESTINATION CUSTOMER
`|
`PREMISES 806
`oe J
`
`200
`
`|
`|
`]
`632 |
`|
`|
`|
`|
`|
`.
`
`—e—__——__}_________. |
`
`eS
`eS
`REMOTE|
`EGRESS
`|
`RING-BACK
`PACKET
`|
`IP PHONE 601
`|
`SWITCH
`|
`|
`510
`|
`I EGRESS
`IP ADDRESS = F |
`LCENTRAL OFFICE804
`
`| | | | | | | | | | | | | | | | |
`
`—
`
`| |
`
`SERVER 802 |
`_
`|
`
`PO |
`IP ADDRESS =G
`|
`
`| |
`
`624
`
`|
`
`:
`
`| |
`
`EGRESS
`
`SOFT-SWITCH 520
`
`:
`
`|
`
`1|
`
`638
`
`[|
`l
`|
`
`CONNECTION
`1440
`
`PETITIONER APPLE INC. EX. 1003-10
`
`

`

`IP ADDRESS=C
`
`IP ADDRESS=E1
`
`IP ADDRESS=G
`
`INGRESS
`SOFT-SWITCH
`
`642
`
`TRANSIT
`SOFT-SWITCH
`
`638
`
`EGRESS
`SOFT-SWITCH
`
`520
`420
`|
`220
`
`
`
`FROM ORIGINATING
`iP-PBX SERVER
`
`TO TERMINATING
`IP-PBX SERVER
`
`
`
`
`CONNECTION
`240
`
`
`
`CONNECTION
`
`CONNECTION
`540
`
`INGRESS
`PACKET
`SWITCH
`210
`
`TRANSIT
`PACKET
`SWITCH
`410
`
`EGRESS
`PACKET
`SWITCH
`510
`
`IP ADDRESS = B
`
`IP ADDRESS = D1
`
`IP ADDRESS = F
`
`yuayed“Sn
`6007‘€“G2
`OTJOOTJ90NS
`7H£89°98PLSN
`
`PETITIONER APPLE INC. EX. 1003-11
`
`

`

`CP
`
`N
`
`>
`c
`=
`
`S
`*
`re
`S
`-
`
`Z
`&
`=
`=
`=
`a
`
`VoIP
`SUBNETWORK
`310
`
`e
`
`Iy
`
`h
`Ss
`nN
`So
`
`Nl
`
`|
`l
`
`|
`
`7 “IPADDRESS=C i (stisw 4
`|
`SOFT-SWITCH
`|
`220
`|
`
`642~
`
`
`ION
`CONNECTION |
`
`240
`|
`|
`
`
`|
`|
`|
`PACKET
`|
`SWITCH
`|
`!
`210
`IPADDRESS=B
`!
`| SERVICE PROVIDER
`|
`| CENTRAL OFFICE 205
`LLL |
`
`
`
`|
`l
`
`l
`l
`|
`| 644
`
`
`
`
`
`
`ROUTER
`131
`
`IP PHONE101
`
`IP ADDRESS =A
`
`CUSTOMER PREMISES 105
`
`PETITIONER APPLE INC. EX. 1003-12
`
`

`

`yuayed“Sn
`140C) 240 C 440 C 540
`
`
`6007‘€“G2
`CAULED PHONE
`CALLING PHONE
`601
`101
`IP ADDRESS H
`IP ADDRESS A
`OTJOZTJ90N$
`7H£89°98PLSN
`
`IN EXAMPLE) DIRECTION OF FLOW)
`
` LOWER LAYER
`
`IP ADDRESS
`VPN-ID
`(MPLS
`
`LOWER LAYER
`SPECIFIED BY
`CONNECTION 440
`1220
`
`IP ADDRESS
`(A&H AS SOURCE
`AND DESTINATION
`DEPENDING ON
`DIRECTION ON
`DIRECTION OF FLOW)
`LOWER LAYER
`SPECIFIED BY
`CONNECTION 240
`1210
`
`FIG. 12
`
`INGRESS
`
`PACKET
`SWITCH
`210
`
`CONNECTION
`
`CONNECTION
`
`TRANSIT
`
`PACKET
`SWITCH
`410
`
`CONNECTION
`
`EGRESS
`
`PACKET
`SWITCH
`510
`
`CONNECTION
`
`VOICE
`PACKET
`
`VOICE
`PACKET
`
`VOICE
`PACKET
`
`VOICE
`PACKET
`
`UDP
`
` IP ADDRESS
`(A&H AS SOURCE
`AND DESTINATION
`DEPENDING ON
`DIRECTION ON
`
`
`
`
`SPECIFIED BY
`CONNECTION 240
`1210
`
`1204
`
`IP ADDRESS
`VPN-ID
`(MPLS
`IN EXAMPLE)
`
`LOWER LAYER
`SPECIFIED BY
`CONNECTION 240
`1220
`
`1202
`
`PETITIONER APPLE INC. EX. 1003-13
`
`

`

`FIG. 13
`
`LOCAL
`
`SOFT-SWITCH
`
`220
`
`200
`
`1304
`
`SOFT-SWITCH
`
`FORGATEWAY
`
`FOR INCOMING CALL,
`THE SOFT-SWITCH CAN IDENTIFY
`THE VPN LABEL FROM
`THE DIALED NUMBER
`
`PROVIDER'S
`IP NETWORK
`
` SERVICE
`
`CALLINGPHONE
`SUBSCRIBER
`\
`Fa
`IP ADDRESS A1
`\es/
`/
`\
`yo ENCAPSULATION WILL BE USED \
`VOICE
`PACKET
`
`7”
`
`y
`
`
`
`
`
`
`
`
`
`VOICE
`PACKET
`
`IP ADDRESS
`
`LOWER LAYER
`
`PSNT GATEWAY
`
`1302
`
`PSTN PHONE
`
`1301
`
`)
`
`400
`
`toca.
`PACKET SWITCH\
`a
`
`
`
`
`
`
`IP ADDRESS
`
`VPN-ID
`
`LOWER LAYER
`
`
`
`
`
`
`1306
`
`yuayed“Sn
`6007‘€“G2
`OTJOETJoaYS
`7H£89°98PLSN
`
`PETITIONER APPLE INC. EX. 1003-14
`
`

`

`IP ADDRESS FROM
`SUBSCRIBER 1 1S USED
`\
`
`IP ADDRESS FROM
`SUBSCRIBER 2 IS USED
`/
`
`\
`
`/
`
`101
`
`RE
`
`INGRESS
`220
`\
`($20
`
`SORTSAICH
`SOFT-SWITCH
`
`CALLING PHONE
`IP ADDRESS C
`IP ADDRESSJ
`OAHONE
`
`SUBSCRIBER1
`Daeg?
`
`IP ADDRESS A
`
`
`SUBSCRIBER 2
`
`LAN
`
`
`
`INTER-NET
`EGRESS
`INGRESS
`PACKET
`GATEWAY
`PACKET
`
`
`
`
`SWITCH
`SWITCH
`1402
`SERVICE PROVIDER'S
`219.
`549
`IP NETWORK
`
`VOICE PACKET WITH VPN
`VOICE PACKET WITH VPN
`IDENTIFIER FOR SUBSCRIBER1
`IDENTIFIER FOR SUBSCRIBER 2
`
`FIG. 14a
`
`yuayed“Sn
`6007‘€“G2
`OTJOFTJ99YS
`7H£89°98PLSN
`
`PETITIONER APPLE INC. EX. 1003-15
`
`

`

`iP ADDRESS FROM
`SUBSCRIBER1 IS USED
`\
`
`IP ADDRESS FROM
`SERVICE PROVIDER'S
`SPACE !S USED
`\
`
`iP ADDRESS FROM
`SUBSCRIBER2 IS USED
`/
`
`\
`|
`220.—O/
`\
`S20
`_\
`INGRESS
`EGRESS
`|
`
`SOMSWCH |
`| SOFT-SWITCH
`
`
`IP ADDRESS C
`CALLING PHONE
`| IPADORESSJ
`AONE
`
`
`\
`101
`/
`SUBSCRIBER
`
`
`
`
`SUBSCRIBER \|7 SERVICE \ IP ADDRESSY
`
`
`/
`PROVIDER'S
`\
`IP ADDRESS A
`
`
`
`IP NETWORK
`SUBSCRIBER2
`
`
`LAN
`
`
`
` 1404
`
`
`INGRESS
`EGRESS
`
`PACKET SWITCH
`PACKET SWITCH
`210
`510
`
`yayed"SA
`
`6007‘€“G2
`OTJOSTJoaNS
`7H£89°98PLSN
`
`WY
`VOICE PACKET WITH
`SPECIAL VPN IDENTIFIER
`
`FIG. 14b
`
`PETITIONER APPLE INC. EX. 1003-16
`
`

`

`INGRESS
`SOFT-SWITCH
`IP ADDRESS C
`
`CALLING PHONE
`
`CALLING PHONE
`
`SUBSCRIBER
`IP ADDRESS A
`
`EGRESS
`220
`520
`
`SOFT-SWITCH
`
`IP ADDRESSJ
`
`
`SUBSCRIBER
`
`SERVICE
`IP ADDRESS B
`
`PROVIDER'S
`
`
`
`
`IP NETWORK
`SUBSCRIBER
`LAN
`
`INGRESS
`EGRESS
`PACKET SWITCH
`PACKET SWITCH
`210
`510
`
`IP ADDRESS PAIR
`
`(A,B)
`
`(C.J)
`
`(A,B)
`
`FIG. 15
`
`yuayedSn
`6007‘€“G2
`OTJOOTJoaYS
`7H£89°98PLSN
`
`PETITIONER APPLE INC. EX. 1003-17
`
`

`

`US 7,486,684 B2
`
`2
`alternative is similar to the “Software Defined Network”ser-
`vices from the SPs where TDM based PBXsare connected to
`
`the SP’s networking using the Primary Rate Interface (PRI)
`from the ISDN. Wewill referto this alternative as VoIP-VPN.
`
`The modulein this networkthat handlescall signaling from
`the user is commonlyreferred to as a soft-switch. Depending
`on the size ofthe network,a network may contain a number of
`soft-switches, which are interconnected. Call signaling mes-
`sagesroute througha series of soft-switches in orderto estab-
`lish a call as it is more efficient to connect the IP PBXs
`
`throughan IP network, without converting the voicetraffic to
`TDM andback.
`
`Tn the currentstate oftheart, all the IP phonesare assigned
`an IP address from the SP’s IP address space. However,this is
`a major shortcoming. Most enterprises use their own IP
`addressing schemein addressing their workstations and PCs.
`All IP-VPNservices allow the customerto use their own IP
`
`address scheme. Customer would like any VoIP-VPNservice
`to have the samecapability, 1.e, the IP phones can be assigned
`IP address from the customerIP address space instead of the
`SP’s public IP address space. This capability is importantas,
`in the future, that an IP phone would actually be part of a PC
`or workstation. In this case,itis paramountthat the PC and the
`IP phoneuse the same IP addressor, at least, use IP address
`from the same addressing space. This invention describes an
`innovative methodto do this.
`
`
`
`SUMMARYOF THE INVENTION
`
`1
`METHOD AND APPARATUS FOR
`ESTABLISHMENT AND MANAGEMENT OF
`VOICE-OVERIP VIRTUAL PRIVATE
`NETWORKSIN IP-BASED
`COMMUNICATION SYSTEMS
`
`FIELD OF THE INVENTION
`
`The inventionrelates to the field of communicationssys-
`tems and morespecifically to the management and control of
`voice-over Internet Protocol (VoIP) virtual private networks
`(VPNs)in an IP-based public branch exchange (PBX)envi-
`ronment.
`
`
`
`DESCRIPTION OF THE BACKGROUND ART
`
`IP based PBX has gained acceptance and momentumin the
`market place of advanced, high speed communications. The
`architecture of an prior art IP-PBX system is seen in FIG. 1.
`The system 100 consists ofa number of IP phones (101, 102,
`103) which are connected to a local area network (LAN) 120.
`Connected to the LAN is a server 110 whichprovides control
`ofthe local telephony network. Theserver 110 communicates
`with IP phones (101, 102, 103) via IP messages,acceptscall
`requests from the IP phones (101, 102, 103) and alerts the
`phones upon incomingcalls. There are two commonstan-
`dards for this protocol: H.248 from the International Tele-
`phone Union (ITU) and Session Invitation Protocol (SIP)
`from the Internet Engineering Task Force (IETF). The intel-
`ligence of the system 100 resides in the server 110 which can
`provide enhancedservicessuch as call waiting, call hold, call
`transfer and thelike.
`In IP-PBX,voicetraffic is encapsulated inside IP packets
`and is carried between the IP phones using the LAN. For
`communications to phonesin the public switched telephone
`network (PSTN), a gateway 130 is needed to convert the IP
`encapsulated voicetraffic to the traditional time division mul-
`tiplexed (TDM) format. The gateway 130 is also under con-
`trol of the server 110 using H.248. The usual access protocol
`between the gateway 130 and the PSTN is ISDN PRI. Many
`traditional PBXs have been upgradedto have an JP interface
`to support IP phones. These PBXsare considered as IP-PBX
`in this convention.
`
`As [P-PBXsare created, the need to connectall the PBXs
`within an enterprise together to form a corporate network
`exists (just as it did with respect to TDM based systems). An
`advantage in connecting two IP-based PBXsis that the voice
`traffic is already packetized. Direct packet-to-packet connec-
`tivity 1s desirable as there is no need to convert the voice
`packets to TDM andbackto again. A packet to TDM gateway
`is not necessary for calls between the IP-PBXs. This results in
`cost reduction and improvement in the performance of the
`system, as this avoids costly packet to TDM conversion and
`vice versa.
`
`40
`
`45
`
`The disadvantages heretofore associated with the prior art
`are overcomeby a novel method for establishing and manag-
`ing voicecall traffic in anVoIP IP virtual private network. The
`method comprises, in one embodiment, determiningthe rela-
`tive location of a terminating point with respect to an origi-
`nating point of a new communication containing the voice
`data, determining one or more IP addresses to egress the
`communication from the originating pointto the terminating
`point, creating a VPN identifier in the new communication,
`passing the new communication to the terminating point and
`removing the VPN identifier from the new communication.
`The VPNidentifier is an extra field (such as an MPLS label)
`added to an encapsulation coding scheme ofthe voice data.In
`an alternate method, the packet switches(or special gateway)
`can perform address translation from an IP address from one
`IP address space to an IP address from another IP address
`space of the voice data.
`An apparatusfor IP-based VPN communications includes
`at least one soft-switch and at least one packet switch having
`an interface to said at least one soft-switch. The packet switch
`has a VPN processing module for selectively establishing a
`In oneofthe approachesto interconnect IP-PBXs,the user
`VPNbased onaselection of originating and terminating IP
`subscribes to connection oriented packet services, such as
`addresses of voice calls passed to the at least onesoft-switch
`frame relay and ATM permanentvirtual circuit services, from
`and at least one packet switch. In one embodiment,theat least
`aservice provider (SP). The SP would only provide transport
`one soft-switch is an ingress soft-switch and an egress soft-
`services for the packet and is not aware that the packets are
`switch. Similarly, the at least one packet switch is an ingress
`voice packets. In an alternate approach in which the SP can
`packet switch and anegress packet switch. The apparatus may
`provide added functionality, the SP would actively participate
`further include a PSTN gateway connected to a gateway
`in the call signaling whena call is being in set up. In doingso,
`soft-switch and said at least one soft-switch for processing
`the SP can provide enhanced service at the request of the
`“off-net” calls. The apparatus may further include an inter-
`end-user on acall-by-call basis. As the SP network is aware of
`VPN gateway disposed betweenan ingress packet switch and
`when calls are set up and torn-down, the service can be
`an egress packet switch. The inter-VPN gateway passespack-
`chargedbasedon call duration. This may result in lower cost
`to the end-user, another benefit. In the TDM environment,this
`ets ofvoice data from an originating point from one subscrib-
`
`PETITIONER APPLE INC.
`
`EX. 1003-18
`
`PETITIONER APPLE INC. EX. 1003-18
`
`

`

`US 7,486,684 B2
`
`3
`er’s VoIP-VPNto a terminating point of another subscriber’s
`VoIP-VPN,modifying the VPN identifier appropriately.
`
`
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`4
`subscriber can negotiate the per-minute cost with the SP
`whichusually results in cost saving. The subscribers can use
`manyofthe enhanced features provided by the SP. The sub-
`scriber can leave the detailed engineering and maintenance of
`the networkto the SP. The SP offers a VoIP VPNservice that
`The teachings of the present invention can be readily
`allows such SP’s to keep thetraffic of the high-end subscrib-
`understood by considering the following detailed description
`ers on their network. These subscribers, in general, have a
`in conjunction with the accompanying drawings, in which:
`tendencyto subscribe to many enhancedservices, which have
`FIG. 1 depicts a general overview ofa prior art IP-PBX
`high margin. Another benefit to the subscriberis that the SP
`configuration;
`can charge the service based on usage (e.g. minutes ofuse). In
`FIG. 2 depicts a general overview of a portion of a com-
`many instances, the SP can provideattractive rates which
`munication system in one embodimentof the subject inven-
`results in substantial savings to the subscriber.
`A useful feature of the VoIP VPN service is that the SP
`tion;
`FIG.3 depicts an abbreviated view of the system of FIG.2
`provides gateway functionality to the PSTN. This function-
`to highlight a packet classifier feature;
`ality renders the traditional packet-to-TDM gateway of the
`FIG.4 depicts a general architecture ofa transport network
`IP-PBX unnecessary. This reduces the system cost of the
`whichis connected to the communication system of the sub-
`IP-PBX, both in capital spending and future maintenance.
`ject invention;
`Also, an inter-VPN gateway would be another useful feature.
`FIG. 5 depicts a detailed view of a packet switch in one
`The inter-VPN gateway forwards voice packets from one
`embodimentof the subject invention;
`VPNto another directly, without conversion to TDM first.
`FIG.6 depicts a flow diagram of forward signalingofacall
`Additionally, the same architecture also applies to other voice
`in the ingress soft switch of the system;
`over packet technologies such as ATMwith slight modifica-
`FIG.7 depicts a flow diagram of forwardsignaling ofa call
`tion, and not just VoIP.
`in the transit network;
`FIG.2 depicts a portion of an exemplary communications
`FIG.8 depicts a flow diagram of forward signaling ofa call
`system 200 in one embodimentofthe subject invention. The
`in the egress soft switch;
`system 200 comprises a Customer Premise 105 having a
`FIG. 9 depicts a flow diagram of return signaling ofa call
`plurality of IP phones (101, 102, 103) and a server 110 con-
`nected to a VoIP-VPN SP at the SP’s central office 205.
`in the egress soft switch;
`Connection 145is the connection between the customer 105
`FIG.10 depicts a flow diagram ofreturn signaling ofacall
`30
`in the transit network;
`and CO 205, and is made via one or more routers 140. In one
`FIG.11 depicts a flow diagram ofreturn signaling ofa call
`embodimentofthe invention, the subscriber (at the Customer
`in the ingress soft switch of the system;
`Premise) uses their own IP address in assigning IP address to
`FIG. 12 depicts encapsulation schemesofvoice packets in
`their devices. To increasereliability, dual access to the SP is
`one embodimentof the subject invention;
`possible (such as via a second connection 155 shown in
`FIG. 13 depicts a configuration of a call from the VPN to
`broken line format).
`The router 140 at the Customer Premise 105 is connected to
`the Public Switched Telephone Network in one embodiment
`of the subject invention;
`a special media gateway 210 at the SP’s central office. This
`FIG.14a depicts a configuration ofa call fromafirst VPN
`media gateway 210 accepts voice packets from an incoming
`to a second VPNin one embodimentofthe subject invention;
`interface and switches these packets to an outgoing interface.
`FIG. 146 depicts a configuration ofa call from a first VPN
`In H.248 terminology, all the terminations of this special
`to a second VPN in a second embodiment of the subject
`gateway are packetterminations, i.e. ephemeral terminations.
`invention; and
`Although the voice traffic remainsin packet form, its encap-
`FIG. 15 depicts a configuration for a call between two
`sulating scheme may change(e.g. from IP to ATM,or from IP
`locations on the same VPN where addresstranslation is used
`V4 to IP V6). Even if the packet encapsulation scheme
`to transfer traffic in the subject invention.
`remains the same, header information maybe changed(e.g.
`To facilitate understanding, identical reference numerals
`one IP address to another IP address), We refer to this type of
`have been used, where possible, to designate identical ele-
`media gateway 210 as a packet switch.
`Also located at the SP central office is a soft-switch 220.
`ments that are commontothefigures.
`Server 110 at the Customer Premise 105 will communicate
`with the soft-switch 220 with an agreed upon signaling pro-
`tocol. Examples ofsuitable protocols used are selected from
`The subject invention specifies a network architecture for
`the group consisting of H.248 and SIP. Thesoft-switch 220,
`providinga voice overIP virtual private network (VoIP VPN)
`based on requests from the server 110 or peersoft-switches
`service to a subscriber and a methodofestablishing such a
`(explained in greater detail below), sends the appropriate
`VoIP VPN. The VoIP VPNservice connectsall the IP-PBXs
`commands to packet switch 210 to set up the appropriate
`cross-connects. Such interaction between the soft-switch 220
`of a subscriberinto a single logical network. In one embodi-
`ment, the present invention providesa virtual private network
`and packet switch 210 is managedby a controlinterface (i.e.,
`service where subscribers can use their own internaldial plan.
`a vertical control interface) 215 (described in greater detail
`This does not preclude each IP phonefrom being assignedits
`below). The soft-switch is the intelligence of the system.It
`own E.164 number(the international standard dial plan) and
`containsall the information regarding the subscribers’ VPNs.
`receiving calls from the PSTN directly. Similarly, a sub-
`For example,it keeps track ofthe VPN that a location belongs
`scriber can use their own IP address assignment plan in
`to, the dial plansofthe subscribers, the VPN identifier for an
`assigning IP addresses to the IP-PBX server and the IP
`VPN(oraparticular interface) and thelike. The soft-switch
`phones. The VoIP VPNs from all the subscribers share a
`can be implemented in a distributed mannerin that its data-
`commonphysical network.
`base may be housed in a different physical unit than its pro-
`Connecting IP-PBXstogether to form a corporate network
`cessing logic modulesor asa single unit. For simplicity, in the
`has many advantages to the SP and subscribers alike. The
`following descriptions, the soft-switch represents the entire
`
`10
`
`15
`
`20
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`DETAILED DESCRIPTION
`
`PETITIONER APPLE INC.
`
`EX. 1003-19
`
`PETITIONER APPLE INC. EX. 1003-19
`
`

`

`US 7,486,684 B2
`
`20
`
`40
`
`6
`5
`advantages of putting the VoIP-VPNtraffic on separate layer
`system, containing all the necessary modules such assignal-
`ing, control logic, service logic, database andthelike.
`2 tunnels include:(1) the ability to engineer the tunnels to the
`In general, the subscriber would subscribe to manyser-
`desired QoS level; (2) an ease in security administration as the
`vices from the same SP, both data services as well as voice
`traffic is separated anddifferent policies can be appliedto the
`services (i.e., integrated access) via the first and second con-
`VoIP-VPNtraffic; and/or (3) diverse routing is dynamically
`nections 145 and 155. It is the SP’s responsibility to separate
`supportedonapercall basis. Calls to the same place can be
`the packets and direct them to the appropriate network equip-
`forwarded differently by mapping them to different layer 2
`tunnels.
`ment that supports the individual services. The separation
`function that separates all packets based on somecriteria is
`FIG, 4 depicts the general architecture of a transport net-
`referred to as packet classification. FIG. 3 depicts an abbre-
`work 400 which is connected to the system 200. Packet
`viated view of the communication system 200 for the pur-
`switches 210 of various SP central offices are connected to
`poses of focusing on packet classification. In most cases,
`eachother through a network 310 via connectionto a plurality
`packetclassification is performed in the packet switch 210.
`of network core packet switches 402. In some embodiments
`Both data andvoicetraffic is sent from the Customer Premise
`of the invention, tunnels are used in order to provide a guar-
`105 to the packet switch 210. The packet switch 210 classifies
`anteed level of quality of service as the tunnels can be engi-
`the packets and forwards all VoIP-VPN voice packets to a
`neered more easily. Examples of suitable tunneling tech-
`VoIP network (and vice versa). The VoIP network carries both
`niquesare frame relay permanentvirtual circuit (PVC), ATM
`on-net (within the same VoIP VPN) and off-net (to PSTN)
`PVC, MPLSlabeled switched path (LSP), IP tunnels and the
`calls. Packet switch 210 also forwards other packets to the
`like. Tunnels based on other higher layer protocols are con-
`appropriate services.
`sidered layer-2 connectionsas these tunnels functionally pro-
`In some implementations, a packet classifier 302 is exter-
`vide point-to-point connectivity (layer 2 functions).
`nal to the packet switch 210. One or more tunnels 300x are
`Note that the invention does not preclude direct logical
`established between packet classifier 302 and the packet
`connection between two “edge” packet switches 210. In fact,
`switch 210. The packet switch 302 forwardsall voicetraffic to
`this is the case if the traffic volume between two packet
`the packet switch 210 through these tunnels 300x. In short,
`switches warrants such a connection. Morespecifically, the
`packetclassification is a function of a logical module which
`invention supports both direct as well as consolidated (via
`can be external or internal to the packet switch 210.
`core packet switches 402) connection. In addition, connec-
`In one embodimentofthisclassifier 302, each access inter-
`tivity between the customer premise router 140 andthe edge
`face has an associated table whoseentries consist of destina-
`packet switch 210 as well as between packet switches do not
`tion and origination [P-address/UDPport pairs with protocol
`necessarily need to be based on tunnel technologies. The
`type UDP. The entries are dynamically created and deleted
`invention also supports regular connectionless IP. However,
`based on the call signaling. The table is created whenacall is
`in the latter case, quality of service may not be guaranteed.
`set up and deleted when a call is torn down. Packets matching
`A well accepted standard for the vertical control interface
`any oneofthe entries will be forwarded to the logical module
`215 between a media gateway controller(or soft-switch 220)
`that handles the VoIP-VPN logic. Otherwise, packets are
`and a media gateway (or packet switch 210) is the H.248
`processed as non VoIP-VPNtraffic.
`specification from the ITU, though others may be used. As
`As the numberofthe active phones rise even during busy
`there are many different types of media gateways, the H.248
`hours, the classification table is relatively small. If memory
`recommendation provides the means for the industry to
`and performance are concerns, many alternative algorithms
`extend the specifications to support the different types of
`are possible, but at
`the expense being more rigid. For
`gateways. These extensions are referred to as “packages”.
`example, all VoIP-VPN traffic can be assigned a diffServ
`The packet switch 210 can be considered as a specific type of
`(RFC 2474) code point (DSCP) and the classification may
`gateway where all the terminations are ephemeral (non-per-
`key on this code point. In this example,the classification table
`manent). This following description specifies the functional
`is a single entry, the DSCF. However, the subscriber has to
`characteristics of the interface between the soft-switch 220
`ensureno other applications or services use this DSCF value.
`and the packet switch 210, and can be implemented as a
`An alternate methodis to use an IP subnet mask. This implies
`package of the H.248 specification. Other embodiments of
`that all [P-phones, and only IP-phones, belong to this IP
`subnet.
`H.248 arealso possible.
`The classification process is performed at the first point of
`The structure of the packet switch 210 is described herein
`entry to the SP’s network. If the first point of entry is the
`for illustrative purposes only using the terminology of H.248.
`soft-switch 220, information to build the classification table is
`Thelogical structure of the packet switch 210 that manages
`already embeddedin the vertical control protocol betweenthe
`voicetraffic is depicted in FIG. 5. The packet switch 210 is
`soft-switch 220 and the packet switch 210 and no additional
`provided with a plurality of layer-1 (physical) or layer-2
`protocol is needed.Ifthefirst point ofentryis another device,
`(logical link) connections 502, 504, 506. The peer of these
`that device needs to support the classification module and to
`connections can be routers 140 at customer premises 105,
`be under soft-switch control. VoIP-VPNtraffic is forwarded
`routers within the SF’s IP network, and other packets
`to the packet switch 210 via a plurality of tunnels 300x such
`switches (210 or 402). Each connectioncarries a number of
`as but not limited to MPLS LSPs. An embodimentofthis
`voice calls. Each ofthe voice calls (denoted by arrows extend-
`control protocol is H.248 using an enhanced package that
`ing fromthe plurality of connections 502, 504 and 506 into
`supports this function.
`the packet switch 210) passes through a VPN Processing
`It is not necessary for the subscriber to classify packets at
`Logic Module 510. The VPN Processing Logic Module 510
`their premises. However, it may be advantageousto do so in
`decides how to establish theVPN based onthe originating and
`some instances. The classifier 302 allows the same architec-
`destination addresses in the call signaling information (dis-
`ture as the one at the SP central office and is under the control
`cussed in greater detail below). The maximum number of
`allowablecalls for each connection dependson the amountof
`of the IP-PBX server. After classification, the subscriber can
`put the VoIP-VPNtraffic in tunnels (for example, a dedicated
`networkresources allocated and the natureofthe calls (coder,
`layer 2 tunnel) and transfer the packets to the SP. Certain
`silence suppression, etc.). The soft-switch 220 manages the
`
`
`
`45
`
`50
`
`60
`
`
`
`PETITIONER APPLE INC.
`
`EX. 1003-20
`
`PETITIONER APPLE INC. EX. 1003-20
`
`

`

`US 7,486,684 B2
`
`
`
`7
`numberofactive calls over a specific connection. Calls are
`identified as call terminations within packet switch 210.
`Whenthe soft-switch 220 needs to establish a cross-con-
`nect (e.g. connect a VoIP call between two connections), it
`sends commands to the packet switch 210 at the appropriate
`time to perform the following tasks: (1) create a context for
`the call; (2) add appropriate ephemeral terminations to the
`context; and (3) cross-connect the terminations within a con-
`text in the appropriate time.
`The commandto create context, add terminations to con-
`texts and specifying the media flows within a context already
`exists in H.248. However, a new package is necessary to
`specify the naming convention for terminations. For the
`packet switch 210, a termination can be specified by two
`parameters, Connection End Point and Call Terminations.
`The Connection End-Point parameter identifies the connec-
`tion that the p