CLOUD-CONTROLLED DORMANT MODE FOR DEVICE-INITIATED VIRTUAL PRIVATE NETWORK TUNNELS TO ENABLE CLOUD INTELLIGENT AND DEVICE AGNOSTIC APPLICATIONS

IP.com Disclosure Number: IPCOM000250050D
Publication Date: 2017-May-23
Document File: 7 page(s) / 183K

Publishing Venue

The IP.com Prior Art Database

Related People

Amjad Inamdar: AUTHOR [+2]

Abstract

A cloud-controlled dormant mode is provided for device-initiated Virtual Private Network (VPN) tunnels between devices and the cloud. This enables cloud-intelligent and device-agnostic cloud use cases such as cloud High Availability (HA) by enabling the cloud to control the device-to-cloud VPN operational state (thereby moving the required intelligence from the devices to the cloud) and hence controlling the reachability of cloud services through the VPN tunnel. A cloud-controlled in-band mechanism moves the device-to-cloud VPN tunnels in and out of a "dormant" mode as needed based on cloud intelligence. Dormant mode is a new VPN state in which the VPN data channel is up but nonoperational/unused and the VPN control channel is minimally up such that the VPN control channel may listen for a wake-up message from the cloud to restore the VPN data channel to an operational state. This involves defining new VPN control messages "SLEEP" and "WAKE-UP" to move the VPN tunnel in and out of dormant mode.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 23% of the total text.

Copyright 2017 Cisco Systems, Inc. 1

CLOUD-CONTROLLED DORMANT MODE FOR DEVICE-INITIATED VIRTUAL PRIVATE NETWORK TUNNELS TO ENABLE CLOUD INTELLIGENT AND DEVICE AGNOSTIC APPLICATIONS

AUTHORS: Amjad Inamdar
Syed Arslan Ahmed

CISCO SYSTEMS, INC.


DETAILED DESCRIPTION

Many cloud-based solutions (e.g., Software-Defined Networking (SDN), Internet of Things (IoT), etc.) use a Virtual Private Network (VPN) tunnel between devices and the cloud. The VPN tunnel is used for cloud management of devices (provisioning, control, monitoring, assurance, etc.) and/or for data backhauling. This VPN tunnel between the devices and the cloud, initiated by the devices, is referred to herein as a cloud VPN tunnel.

The cloud and devices are typically connected via a Wide Area Network (WAN) / Internet. The devices may be dynamically addressed and, in most cases, located behind dynamic Network Address Translation (NAT) / Port Address Translation (PAT). For these reasons, a VPN tunnel cannot be initiated by the cloud and instead has to be initiated by the device. The device must also maintain a persistent VPN tunnel with periodic keepalive messages to maintain NAT/PAT translation entries. This allows unsolicited traffic initiated from the cloud to flow through the VPN tunnel, but leaves very little control on the cloud to suspend and resume the VPN tunnels as needed.

On-demand suspension and resumption of VPN tunnels may be necessary/desirable for use cases involving cloud High Availability (HA), preserving resources, IoT use cases in which the cloud determines when to pull data, and other applications in which the intelligence resides in the cloud.
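The dormant mode described in the abstract (data channel up but unused, control channel minimally up and listening for WAKE-UP) together with the NAT/PAT keepalive requirement above, as a device-side state machine simulation. This is an added example, not code from the disclosure; the state names, the 60-second NAT binding lifetime, and the rule that keepalives continue while dormant are assumptions about how such a device might behave.

```python
"""Device-side cloud VPN tunnel state machine with a dormant mode.
Added example; only SLEEP and WAKE-UP are message names from the disclosure."""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    DOWN = "down"                # no tunnel; device must (re)initiate it
    OPERATIONAL = "operational"  # control and data channels both usable
    DORMANT = "dormant"          # data channel up but unused; control channel listens


@dataclass
class DeviceTunnel:
    nat_timeout: int = 60        # assumed NAT/PAT binding lifetime in seconds
    state: State = State.DOWN
    last_keepalive: int = 0      # time the NAT binding was last refreshed
    delivered: list = field(default_factory=list)

    def connect(self, now):
        # Tunnels are device-initiated because the device sits behind dynamic NAT/PAT.
        self.state = State.OPERATIONAL
        self.last_keepalive = now

    def keepalive(self, now):
        # Sent in both OPERATIONAL and DORMANT so the NAT entry stays alive and
        # the cloud can still reach the control channel in-band.
        if self.state is not State.DOWN:
            self.last_keepalive = now

    def nat_binding_alive(self, now):
        return self.state is not State.DOWN and now - self.last_keepalive < self.nat_timeout

    def on_control(self, msg, now):
        # In-band control message from the cloud; it only arrives if the binding held.
        if not self.nat_binding_alive(now):
            self.state = State.DOWN  # binding expired: cloud cannot reach the device
            return False
        if msg == "SLEEP" and self.state is State.OPERATIONAL:
            self.state = State.DORMANT
        elif msg == "WAKE-UP" and self.state is State.DORMANT:
            self.state = State.OPERATIONAL
        else:
            return False  # message not valid for the current state; ignored
        return True

    def send_data(self, payload, now):
        # The data channel is usable only while OPERATIONAL; dormant drops it.
        if self.state is State.OPERATIONAL and self.nat_binding_alive(now):
            self.delivered.append(payload)
            return True
        return False
```

Note that a missed keepalive while dormant loses the NAT binding, after which the cloud's WAKE-UP cannot arrive and the device must reinitiate the tunnel.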

Any cloud-initiated out-of-band mechanism (e.g., Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), and Secure Shell (SSH)) that could be used to request the devices to create/delete a VPN tunnel exhibits the same inability to connect from the cloud to the devices. This is because the...